Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.05.2018 01
Ran by Supermatt (10-05-2018 13:36:05)
Running from C:\Users\Supermatt\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-01-08 13:51:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3797239318-1157007529-570800937-500 - Administrator - Disabled) => C:\Users\Administrator.Supermatt-PC
Guest (S-1-5-21-3797239318-1157007529-570800937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3797239318-1157007529-570800937-1002 - Limited - Enabled)
Supermatt (S-1-5-21-3797239318-1157007529-570800937-1000 - Administrator - Enabled) => C:\Users\Supermatt
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Enabled - Up to date) {08B84BA8-CC77-5A8B-A100-3F522B1B6106}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Advanced Protection (Enabled - Up to date) {B3D9AA4C-EA4D-5505-9BB0-0420509C2BBB}
FW: COMODO Firewall (Enabled) {3083CA8D-8618-5BD3-8A5F-9667D5C8267D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Playpanel (HKLM-x32\...\{69967F97-E880-44B9-8383-5278BBC8809B}) (Version: 1.3.0.33 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Alive Video Converter (version 3.1.8.6) (HKLM-x32\...\Alive Video Converter_is1) (Version: - AliveMedia, Inc.)
Android Commander version 0.7.9.11 (HKLM-x32\...\Android Commander_is1) (Version: 0.7.9.11 - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Anime Studio Pro 10.1.1 (HKLM\...\ASP1011_is1) (Version: 10.1.1 - Smith Micro Software, Inc.)
Anime Studio Pro 11.0 (HKLM\...\ASP1100_is1) (Version: 11.0 - Smith Micro Software, Inc.)
AOMEI Partition Assistant Unlimited Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version: - AOMEI Technology Co., Ltd.)
APK Studio (HKLM-x32\...\APK Studio d49d3de) (Version: d49d3de - Vaibhav Pandey)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Maya LT 2015 (HKLM\...\{2FB97E5C-14A5-47C8-BD85-69CC70471291}) (Version: 15.10.373.0 - Autodesk) Hidden
Autodesk Maya LT 2015 (HKLM\...\Autodesk Maya LT 2015) (Version: 15.10.373.0 - Autodesk)
Avid Application Manager (HKLM\...\{99E377DB-D2D0-44A5-8533-AA8BE1381644}) (Version: 2.5.1.115 - Avid Technology, Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{B1DF3793-1651-4AE5-9CA0-E845DD8B526B}) (Version: 2.79.0 - Blender Foundation)
calibre (HKLM-x32\...\{7F1AA7AB-E4FB-46F7-AC2F-57D78D63A368}) (Version: 3.19.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.00 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.5.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
Classware (HKLM-x32\...\{5F945DFC-3BD1-74F7-5090-8885D0F4B1C5}) (Version: 1.2.3 - Cambridge University Press Holdings Limited) Hidden
Classware (HKLM-x32\...\Classware.D18242EEED0228FFB0408CDB0EFA905F46FFD844.1) (Version: v1.2.3.7574 - Cambridge University Press Holdings Limited)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COMODO Internet Security Premium (HKLM\...\{4F6FC44D-AE9F-472B-8F00-B8388BC9AA04}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.2 - Foolish IT LLC)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1905.56 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.014.0.0 - Power Technology)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON TX121 Series Printer Uninstall (HKLM\...\EPSON TX121 Series) (Version: - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
e-Sword (HKLM-x32\...\{0BF38804-B6AE-4C32-9564-B0C0E7188D62}) (Version: 11.00.0006 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{4A0259D2-7278-4B23-B594-60B4124015A6}) (Version: 10.04.0000 - Rick Meyers)
e-Sword Macros for Word 2013 (HKLM-x32\...\{B9FDCE73-DC39-4671-8F2E-2CA5ACB924B0}) (Version: 10.02.0000 - Rick Meyers)
ExamView Assessment Suite (HKLM-x32\...\{C59DE8FB-B81E-4386-B719-A8C95C16544B}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Beginner) (HKLM-x32\...\{eebe1d9a-486c-40e7-ae07-1892b3b2b7b4}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Elementary) (HKLM-x32\...\{ecb8a57a-21dc-4667-95f5-e2eff83733df}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NG Life_Pre-intermediate) (HKLM-x32\...\{78d3c66f-5c7d-4da7-96eb-4e405a5406f2}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 1-3) (HKLM-x32\...\{8da61a8f-877e-443d-b448-3d1e60118184}) (Version: 8.1.107.70421 - eInstruction)
ExamView Content (NGL Our World Assess Level 4-6) (HKLM-x32\...\{4431b83a-1e23-458e-9f6c-a1d8270b6694}) (Version: 8.1.107.70421 - eInstruction)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
GameMaker Studio 2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\GameMakerStudio2) (Version: - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hippo Animator 3.8 (HKLM\...\Hippo Animator 3) (Version: 3.8.5316.24610 - Hippo Studios)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
IL Autogun (HKLM-x32\...\IL Autogun) (Version: - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Intel® Graphics Performance Analyzers 2013 R3 (HKLM\...\{B48DBBEE-2CCB-492E-2571-78ECE93329CB}) (Version: 13.3.0.207307 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.5 - PACE Anti-Piracy, Inc.)
Kernel for VHD ver 12.06.01 (HKLM-x32\...\Kernel for VHD_is1) (Version: - Lepide Software Pvt.Ltd)
LenovoTool 1.2.2_os (HKLM-x32\...\LenovoTool) (Version: 1.2.2_os - Lenovo)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
LifeBeg (HKLM-x32\...\{BC41E108-ACA5-25E9-039A-09085C1A15F0}) (Version: 1.0 - UNKNOWN) Hidden
LifeBeg (HKLM-x32\...\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifeElem (HKLM-x32\...\{926447E2-8B00-F3D3-FA7A-73DE25CE5CF9}) (Version: 1.0 - UNKNOWN) Hidden
LifeElem (HKLM-x32\...\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
LifePreInt (HKLM-x32\...\{76B7A5CD-3757-D3A7-7321-86677926B755}) (Version: 1.0 - UNKNOWN) Hidden
LifePreInt (HKLM-x32\...\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1) (Version: 1.0 - UNKNOWN)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Independence Libraries Common Files (HKLM\...\{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Libraries Common Files (HKLM-x32\...\MAGIX_{2014CA36-C62B-4E1D-9816-1EDE4845E0F0}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro 3.1 VST-Plugins (HKLM\...\{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG) Hidden
MAGIX Independence Pro 3.1 VST-Plugins (HKLM-x32\...\MAGIX_{74CC038C-E942-42A7-A54A-4CB686050428}) (Version: 3.1.0.0 - MAGIX AG)
MAGIX Independence Pro Software Suite 3.1 (HKLM\...\{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG) Hidden
MAGIX Independence Pro Software Suite 3.1 (HKLM-x32\...\MAGIX_{12FBE83D-482B-4D82-BAC7-665B7DD79DB2}) (Version: 3.1.1.11 - MAGIX AG)
MAGIX Music Maker 2014 Premium (HKLM\...\{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (HKLM-x32\...\MX.{088A4B09-8FB2-48D0-932A-7F90BE050543}) (Version: 20.0.2.35 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM\...\{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Introductory videos) (HKLM-x32\...\MX.{4BA5297E-60A6-4F18-9AAC-25A878C4E38C}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM\...\{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Synthesizer and effects) (HKLM-x32\...\MX.{773A4DDC-3B52-42C7-8B7A-52369B9A390B}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium (Visuals) (HKLM\...\{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Premium (Visuals) (HKLM-x32\...\MX.{A6A5590A-0FF9-4FD9-AD8D-17B5BCBE06F5}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker 2014 Premium Soundpools (HKLM\...\{095A41CD-2500-4783-AE28-87E05653CDE7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker 2014 Soundpools (HKLM\...\{6F1F7E62-A579-434C-9610-F6FE2930C02E}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
Math Resource Studio 5 (HKLM-x32\...\{946E9741-5FAE-4011-9019-BC1FAF3FE99D}) (Version: 5.0.14.1 - Schoolhouse Technologies)
MCreator 1.7.7 (HKLM-x32\...\MCreator 1.7.7 Installer) (Version: - Pylo)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Toolkit 2.4.0.0 (HKLM-x32\...\Microsoft Toolkit 2.4.0.0) (Version: 2.4.0.0 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version: - MiniTool Solution Ltd.)
MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nitro Pro 9 (HKLM\...\{BC8E7DF0-4434-4688-B615-0A3E5FACFC26}) (Version: 9.0.4.5 - Nitro)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Our World 1 AE 2.0 (HKLM-x32\...\Our World 1 AE 2.0) (Version: 1.0.0.0 - )
Our World 2 AE 2.0 (HKLM-x32\...\Our World 2 AE 2.0) (Version: 1.0.0.0 - )
Our World 4 AE 2.0 (HKLM-x32\...\Our World 4 AE 2.0) (Version: 1.0.0.0 - )
Our World 6 AE 2.0 (HKLM-x32\...\Our World 6 AE 2.0) (Version: 1.0.0.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Puran Utilities 3.1 (HKLM\...\Puran Utilities_is1) (Version: - Puran Software)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.25 - QUALCOMM Incorporated)
RealDownloader (HKLM-x32\...\{2275115D-1431-4A62-A98F-2F0393815327}) (Version: 18.1.9.106 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{45bcec97-14a2-4e10-a129-58d2d0b34398}) (Version: 18.1.9.106 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.9 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Schoolhouse Test 4 (HKLM-x32\...\{F5C9D54B-C338-4EF1-89D4-94F369CFC061}) (Version: 4.0.3.3 - Schoolhouse Technologies)
Sibelius (HKLM\...\{6420DC80-3BCF-4C96-A209-B0C5D26E140D}) (Version: 8.2.0.89 - Avid Technology)
Sibelius 7 OpenType Fonts (HKLM-x32\...\{623C2BD8-1B28-4F98-B578-E9D139827269}) (Version: 7.1.3 - Avid)
Singing Coach 5 Pro (HKLM-x32\...\Singing Coach 5 Pro) (Version: 5.0.5.0 - Electronic Learning Products, Inc. )
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Speech Support (HKLM-x32\...\Speech Support) (Version: - LEC)
SpeechRedist (HKLM-x32\...\{8795CBED-55E2-4693-9F14-84EC446935BE}) (Version: 1.0.0 - Epic Games Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SuperBeam (HKLM\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 7 - LiveQoS Inc)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.14.0 - Synaptics Incorporated)
Telegram Desktop version 1.0.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.2 - Telegram Messenger LLP)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tixati (HKLM-x32\...\tixati) (Version: - )
Turbo Studio 17 (HKLM-x32\...\{80bc26f1-601d-4766-b205-404db5168343}) (Version: 17.0.1.0 - Code Systems)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.4.3 - CrystalIDEA Software, Inc.)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (HKLM\...\{84CB6E60-E7CB-429F-AF9A-44F035889123}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (HKLM\...\{77C4AF18-19ED-489E-84D3-203E3862F6BC}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (HKLM\...\{5D8D5B24-732C-4AA6-ABFE-9EAFF12064A4}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (HKLM\...\{C1109FC5-35DA-403C-AE1D-99295EDB6FA9}) (Version: 1.0.2.0 - MAGIX AG) Hidden
Vita Jazz Drums (HKLM\...\{7A22C523-501D-4FD2-B9AD-BBEE8AFAED44}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Pop Brass (HKLM\...\{3CAD92B3-6BA0-44A4-A546-162520A80BB3}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Power Guitar (HKLM\...\{96826F72-1E29-4AB8-9312-84E664DCE474}) (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Vintage Organ (HKLM\...\{4F6B2EA9-4598-4653-B13A-E27AA387DC9B}) (Version: 1.0.1.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vocabulary Worksheet Factory 5 (HKLM-x32\...\{DCC3A680-485D-4C55-AEDE-A87483B99E54}) (Version: 5.0.20.4 - Schoolhouse Technologies)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WhatsApp (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WhatsApp) (Version: 0.2.8000 - WhatsApp)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\WinDirStat) (Version: - )
Windows Driver Package - MediaTek Inc. (usbser) Ports (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Windows Driver Package - MediaTek Inc. (usbser) Ports (12/24/2011 2.0000.0.0) (HKLM\...\D0E6296D177F42BB31C0200E49412003DB6C4633) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery(Build 5.0.3.13) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.3.13 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
XiaoMiFlash (HKLM-x32\...\{17027A8C-4379-424D-9236-075003273CE3}) (Version: 1.1.4 - XiaoMi)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.8.20150402 - Xilisoft)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2017-09-16] (RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-01-10] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-03-14] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-04-16] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02170602-07F0-446E-8EF6-4FCF2D7FCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FE1F78F-1F58-4105-9BDE-B3C6ED7DD4B2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {35541BD8-08B8-456E-977E-5ABF73EA6E11} - System32\Tasks\Intel® GPA Monitor 13.3 => C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe [2015-09-14] (Intel Corporation)
Task: {3704F14D-700A-4BAE-A91E-66B9EA645E52} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {3AE3FB84-1465-4EBA-B033-D42FECA4FA61} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {3BD3C4D8-5152-4ABB-ACB9-F60AE7A8216E} - System32\Tasks\{C173130E-3670-44A5-A0A3-8FFD0695BA69} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {47B38BDB-0F7A-4FDB-9956-602A9CCBD69D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {4F68631E-92EC-4599-8299-E5B773FEE018} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {582212B9-A012-48FD-915E-975D0E0ED486} - System32\Tasks\{276A30E3-DC17-4817-B9CF-7C12127C6DE2} => C:\Windows\system32\pcalua.exe -a C:\Users\Supermatt\Desktop\MiFlashUnlock_1.1.0317.1_en\MiUsbDriver.exe
Task: {58526FD5-F666-4078-B306-47B0D26CB9AA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {59BB5577-DD6F-4D2D-A725-2A3A440C2A0F} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {5C1D53F2-A431-4D09-9788-5288219B42B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7D57EBF5-3183-4D3C-B0D2-EE0509E50F84} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2018-03-14] (COMODO)
Task: {8F4CF6A0-B45B-4E52-9009-C505F9D7A091} - System32\Tasks\COMODO CertSentry Updater => C:\Windows\system32\certsentry.exe [2015-04-17] (COMODO CA Limited)
Task: {906A2DDB-F2B5-443F-A1FF-80906798196F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2018-03-14] (COMODO)
Task: {9EA43A95-A8CD-4975-B11A-748D6AC8948D} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2017-09-16] (RealNetworks, Inc.)
Task: {A9EE4656-CBCB-40A3-AD82-BD7D16B21D4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {AC6746AC-3DDB-4151-A4FD-E07E2AE93159} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2018-03-14] (COMODO)
Task: {AFDA95AA-E786-438B-994E-9AF9C9915827} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B0C50936-9A0B-408D-95D3-92E39A4583F2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797239318-1157007529-570800937-1000 => C:\program files (x86)\real\RealDownloader\realupgrade.exe [2017-08-17] (RealNetworks, Inc.)
Task: {B24A5D00-4852-4973-BF13-57FE01076CA3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-23] (Adobe Systems Incorporated)
Task: {E620F070-9DCA-4003-9542-72629F7DB336} - System32\Tasks\{6C4FAF2A-FE02-4337-A7DF-AE99D7B71E73} => C:\Program Files (x86)\Smartfren Connex CE81B UI\WirelessModem.exe
Task: {F253961A-27C4-473E-BCE3-AC65C4E55B84} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2015-01-29] (Acer Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Supermatt\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
==================== Loaded Modules (Whitelisted) ==============
2017-08-29 05:56 - 2018-03-14 00:17 - 000244416 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2017-08-29 05:56 - 2018-03-14 00:17 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-18 05:42 - 2016-05-18 05:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2009-09-21 15:04 - 2009-09-21 15:04 - 001501696 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-28 09:21 - 2015-12-25 15:28 - 001328632 _____ () C:\Program Files (x86)\DFX\DFX.exe
2010-06-25 09:08 - 2010-06-25 09:08 - 000173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-02-28 09:14 - 2015-12-25 15:28 - 000133624 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2015-02-28 09:18 - 2015-12-25 15:28 - 000134648 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2015-02-28 09:48 - 2015-12-25 15:28 - 000051192 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2016-01-07 21:56 - 2016-01-07 21:56 - 000012288 _____ () C:\Program Files\Avid\Application Manager\QtWebEngineProcess.exe
2015-08-12 16:15 - 2015-08-12 16:15 - 007803392 _____ () c:\program files\avid\application manager\jre\bin\server\jvm.dll
2018-05-10 13:05 - 2018-05-10 13:05 - 000152576 _____ () C:\Users\Supermatt\AppData\Local\Temp\ext3909189987930403250.dll
2016-06-30 01:01 - 2016-06-30 01:01 - 008166536 _____ () C:\Program Files (x86)\SpeedFan\speedfan.exe
2017-07-20 16:03 - 2017-09-07 15:39 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2018-05-03 17:23 - 2018-04-26 10:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-05-03 17:23 - 2018-04-26 10:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000047496 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-13 22:46 - 2014-09-04 10:41 - 000104328 ____N () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-02-28 09:43 - 2015-12-25 15:28 - 000052216 ____N () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2018-05-10 13:01 - 2018-05-10 13:01 - 000158720 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfareca00001.dll
2018-05-10 12:54 - 2018-05-10 13:01 - 000192512 _____ () C:\Users\Supermatt\AppData\Local\Temp\sfamcc00001.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 008866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\autoexec.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\BcmBtRSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdsandboxuh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdsandboxuiskin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\btwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280C.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280I.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNC280O.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMIUAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CNMLMAA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPD64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_IBCBGGI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gfxSrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hccutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ig4icd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igd10umd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igdumd64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmjit64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcmrt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxCoIn_v2993.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IGFXDEVLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxexps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxpph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrara.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrchs.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcht.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrcsy.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdan.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrdeu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrell.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrenu.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxresn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxress.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfin.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrfra.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrheb.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhrv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrhun.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrita.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrjpn.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrkor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnld.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrnor.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrplk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrptb.lrc:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxrptg.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrom.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrrus.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsky.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrslv.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrsve.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtha.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxrtrk.lrc:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxsrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igfxTMM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IntcDAuC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\R4EEL64A.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTKSMSettingsIPC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RtlCPAPI64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slcnt64.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SupportTool.exe.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynCtrl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SynGlwPadShlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SynTPCo8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280L.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CNC280U.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ig4icd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igd10umd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumd32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igdumdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmjit32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxcmrt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxdv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\igfxexps32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MaxxAudioAPOShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft Toolkit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\subinacl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SynTPEnhPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ViewPDF01.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vorbis.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wPDFView01.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\androidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\aswTap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bcbtums.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwl2cap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\btwrchid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CisUtMonitor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cmnxusbser.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cnnctfy3.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx11_1x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfx12x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorF.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\igdkmd64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntcDAud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\IntelHaxm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\k57nd60a.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\kbfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\leusbser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiskhaz.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tapSF0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmactmon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TMEBC64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmeevw.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmevtmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmnciesc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tmusa.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosBtCi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosporte.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfbnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfcom.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Tosrfhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfnds.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TosRfSnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tosrfusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TurboB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSB.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wcmvcam64.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis28B.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis6DFC.exe:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [169]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Desktop\vhdfull.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-100 pic.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1-75.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. Chairein.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\1. DEO.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\10. MICHAEL.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\12. BILLY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\13. SAMANTHA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. HENOKH.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle - English.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2. Michelle.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2013macros (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160104.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160105.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\20160113.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\2337_the_simple_past_tense.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3. ALFEUS.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\31785_whats_the_weather_like.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\32186_jobs__occupations.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\3650559416010026653.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4. VICTORIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\43_____Macmillan_English_Grammar_in_Context__gnv__..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\461785816034XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\4745_the_present_perfect_tense.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\488939-images-of-soccer-field.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\5. SHALOM.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\544741804332XXXX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6 Kung Fu Secrets for Flexibility & Higher Kicks.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\6. CECILIA.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\67Grammar_Games_For_Children______..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7. JASON'S.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\7010296916010026635.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8. NATHAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\8m05bb36g04.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. SEBASTIAN.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\9. THIERY.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\AC07911_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\adjectives.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\All MTK USB Driver 2014.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Analytic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ANSWER SHEET GRADE 4-6 TEST 1 SEMESTER 2 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions (2).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\asking-and-giving-directions.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\autogun_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\A_Better_Camera_Unlocked_v3.31.TROJAN.ONHAX.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible 2.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bible.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Blood Moon Rise.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Bluetooth_Broadcom_6.3.0.6000_W7x64_A.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\book on a desk.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy and girl talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy in a musem.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Boy soldier.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\boy-girl- Hello.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\brickman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\C._K.Chu_-_The_Book_of_Nei_Kung_1st_ed.pdf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\calibre-64bit-2.38.0.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cameyo.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\can-you-tell-me-the-way.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CAT B GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cat in a box.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160118_0055794802.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CC statement template konvensional_20160418_0060467347.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ccsetup512_slim.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cities-and-Towns-Transcript.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cn+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\coherence-cohesion.ppt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\com.nuance.swype.trial_2.1.0.2010030.41841-2010030_minAPI14(armeabi)(nodpi).apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Connect2Portal.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Cows can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Crazy katy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\CryptoPreventSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\cu31924031764594.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\D467_Storytelling_handbook_FINAL_web.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DCUO_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\demonstrative-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Disk2vhd.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DOSBox-0.74-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\DriverBackupAxioo9G.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Dungeon Master II - The Legend of Skullkeep.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\dungeon-master-2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2-w-instructions.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EBRtweak_1.2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EC FINALTEST MAY 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\english-pronouns.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\English_Grammar_in_Use_rd_Edition_CD___Demonoid.com___..torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EQ_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20093122229851430194.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2009521133639530074079.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables20096719959341029384.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201021914855766628530.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201022401613547116161.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201098125924964636505.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2011629165151324736806.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables201421402831610.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eslprintables2016122233302070.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016 (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_01192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\eStatement_04192016.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EXE.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\EX_Kernel_Manager_2.55.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part1.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\f2v7x.W.C.I.PS.C.K.D.M.M.A.B.C.part2.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\F8CB.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Family Sturcture.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FBFBBBAD0DD7E14D41B8610E16DD97E18AFDD350.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FE Advanced - the MoonX.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ffmpeg-win-2.2.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fire Resque.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FL_SM_v2.0.1[Androidiha.com].apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fragment.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\FRX07.1_Full_Bundle_20110901.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_17792_word_formation_from_verb_to_noun_or_adjective_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\full_18587_word_formation_from_adjective_to_noun_or_verb_2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Fundamentals_of_English_Grammar-Teacher_s_Guide_0130136344.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\fvp_setup_2.0.1.163fi.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GBX0A_Full_Bundle_11.3.2011.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Girl and Boy talking.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Globe1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\googledrivesync.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 1 - 2 wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 3 - 4 - Spelling Bee Wordlist.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\GR 5- 6 SPELLBEE 2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\guitar-sale-poster.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\hard work.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to go to the dentist.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\He has to take out the trash.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hobbies.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Holistic-Rubric-Template.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HostsMan_4.6.103_installer.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\House burn.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Hubble space from NASA.Gov.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\HxDSetupEN.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM Integration Extention.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDM.6.25.Build.12-Maherz.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman.6.26.2f.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\idman625build12.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IDMGCExt.crx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\IntelAndroidDrvSetup1.1.5.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kadosh_Adonai_(Hebrew)_Elisheva_Shomron_(w_lyrics).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Kernel.VHD.12.06.01.softarchive.net.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\kernel_injector.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lame_v3.99.3_for_Windows.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lazy guy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Lenovo-P780-ReParted-0.2.2-ID-EN-Aroma.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\listening test 1 semester 2 grade 7 - 9 2016 - 2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\little-girl-in-museum.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\making-words-negative-verbs.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\man-falling-down-stairs1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\manual.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\map_places-in-town.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mbae-setup-1.08.1.1045.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MediaCreationTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MEGA-RECOVERYKEY.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Men can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\meteos-mtk6589-rom-edit-8gb-en.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MicrosoftFixit50641.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiFlashUnlock_1.1.0317.1_en.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mintywhite-1003-fonts-megapack.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MiPhone20151028.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Mounts2SD-3.4.8-unlocked.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MSTK.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MT65xx-Port-Lewa.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\MTK6589_Partition_4GB_8GB_16GB.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\mysteries.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never drove a car.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\never rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewGoogleInstaller2.0MS.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\NewKingrootV4.82_C138_B250_en_release_2016_03_09_105203.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\numbers.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Old man boarding.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\P780ROW_8Gb_ReParted_Data_no_int_sd_no_backup.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Paramedic help.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\paraphrasing plant cycle-6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\parts-of-a-plant.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Patch_V6-2015-07-01.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PATRICIA1812_503535968.CSV:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\People can't do that.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\plant-vocabulary-worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\PortableApps.com_Platform_Setup_14.2.paf.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment 2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\prepositions of movment.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\produkey-x64.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Puppy for sale.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\puppy under a tree.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Pure_Graphic_HD_Tweak.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Reflex_Bow-Pleasure_Paradox-GApps-ODEX-saga.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rem-VBSworm.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\REMA-TIP-TOP-SC2000-Cement-Bonding-Procedures-Rev4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Remix_OS_for_PC_Android_M_64bit_B2016112101.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rode a horse.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\row+v5-8gb.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\RUGOS_0.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Rules.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Samuel.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Santo (Kadosh) .mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\scaryman.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ScatterEditor_v1.06.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Scatter_files_4GB_and_8GB.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Seeder-2.0.0.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1040.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\setup1106.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SHAREitLENOVOSUPPORT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Sharp dressed man.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SileadTouch.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SILVA-Sniper.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\simple present tense daily routines exercises worksheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-1 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Single-Point-Rubric-Template-2.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS (1).doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SMP - SPELLING BEE WORD LISTS.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\souvenirs.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\spelling bee word list.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\stack-mvp-membership-resources-6ae8.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\sunrise_182853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\SUPERAntiSpyware.Pro.6.0.1212.sanet.me.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\superbeam-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\swimming.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Talking together.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017 (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test 1 semester 2 grade 4-9 2016-2017.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\test3-openrecovery-TWRP-saga-2.8.1.2-unofficial.img:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\The Middle East in Jesus Day.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\tixati-2.12-1.win64-install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\toporesize-0.7.1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\touch-driver-win8-10.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\TPDriver.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-client-3.33.1409.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\turbo-studio-17.0.794.1.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.4.0rev2-p780row.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\twrp-2.8.7.1rev1-p780row+.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UAPM-1.41.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\ubuntu-14.04.4-desktop-i386.iso.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Unconfirmed 820659.crdownload:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\unit-3.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Universal_Extractor (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UPDATE-SuperSU-v2.46.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\UWT.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VHDTool.w32.1.0-b1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\VhdTool.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\vhdxtool.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WeatherMonitor.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\well dressed girl.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\What's your name.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\Win.KMS.Activator.Ultimate.2016.3.0.softarchive.la.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WinDroid 7 (GGT) 09-04-2016 0-18-37.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\WM9Codecs.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Supermatt\Downloads\wpsetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\x-demonoidcom-x_over_70_english_grammar_and_writing_books_5100102926.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\xposed-v80-sdk22-arm64-MIUI-edition-by-SolarWarez-20160217.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\XposedInstaller_3.0_alpha4.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Supermatt\Downloads\[limetorrents.cc]Malwarebytes.Anti-Malware.Premium.2.1.8.1057.Multilingual...KeyGen.by.FFF.torrent:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\sony.com -> sony.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-09-12 23:18 - 2016-12-17 00:32 - 000000697 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 license.superantispyware.com
127.0.0.1 tonec.com
127.0.0.1 internetdownloadmanager.com
0.0.0.0 license.superantispyware.com
0.0.0.0 keystone.mwbsys.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supermatt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: DragonSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "PowerDVD12DMREngine"
HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "MagicPlusHelper"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-3797239318-1157007529-570800937-1000\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{219A26F1-820B-49F7-B661-6C4E6944FC2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AAAA85EC-D718-47C9-879C-CDA8579CEFF6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{705D0812-999F-4EF8-8025-FFA528D0E6D0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{80E07C3D-27C6-47CF-8574-218C777634AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9848B36B-2273-4286-BF90-C2B5466218E2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{6F5EA031-9D3E-4CB9-8F7D-9A40E84582ED}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{87BC4FC3-2EB9-476F-9BB0-DE43EC4B3C67}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{9DAF9614-B9CF-4360-BDF7-6B2C919C1F08}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{5E34C749-0653-4A6F-A3E0-A49DEAA7974D}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{3754294B-8BC5-409F-B742-3D4DB2D82D78}] => (Allow) LPort=51001
FirewallRules: [{CE38EE3F-28BE-444A-A851-C14A7EEE0DA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8A0746D9-2F0D-4D23-A0EB-85FB8C59C068}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0B2529E6-9DCF-451A-B3F5-1A29AFC0D005}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2968D884-222C-4949-BA1D-5AE2871B37FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{717759C5-69C3-4E26-B94C-3195D192A090}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{79F7CDED-6AC6-4D56-A3FF-0993692193FC}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [UDP Query User{7C74F8CF-3178-4E87-8461-C3E22F58B130}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
FirewallRules: [{C5604AA7-992D-4CCB-8CEB-0F774590582D}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{85E81382-982E-4DC7-9488-F0B13DBE20CC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{0022D6B1-7412-4FA2-B941-CC9CC80AF313}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{AAF0200E-A99F-484B-88DD-31680040AB7C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{AC0B44C7-FB73-499A-A74A-537201C64AA8}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{FD1E42B2-3866-4BC7-B7CC-2E4EFA78BBAB}] => (Block) %ProgramFiles% (x86)\Nero\Nero ControlCenter\NCC.exe
FirewallRules: [{A8C5307B-204A-4D37-AB9D-B92A42C31853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FB183F9E-6CEC-4CBF-B482-D0647D4D7F83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9E6A5106-9A61-419D-8BD2-BC947901BB3D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{56C037E2-0A93-42E4-9547-FC027885C4A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C1857C7-8DD9-4830-A921-AB9EFE6799DB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F20B86A7-CAC9-4BF8-8B0C-FF956FA04AD7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{1794799F-581F-4D42-A2EA-8107C64E181E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [UDP Query User{1D2BD891-2C37-4825-9E90-86328CF4945E}C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe] => (Allow) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D582C995-C7C4-45BC-80B6-D9EC290B85D2}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{5C2A35BE-D115-46D0-81DE-4FDC493A134C}] => (Block) C:\program files (x86)\java\jre7\launch4j-tmp\mucommander.exe
FirewallRules: [{D3A755B2-C040-419E-BB8D-5A0E1A85A434}] => (Allow) LPort=8080
FirewallRules: [{02FFB931-CD4D-4B17-BDA6-D75E1BB10A7E}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{27D72650-BB1A-456A-B524-C7BEAED4FAF9}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{286DC3F0-C4B8-419E-9431-C1A34A1B4656}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{8339AEBF-2F6E-4822-A7D0-9CD7FD90361B}] => (Allow) C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe
FirewallRules: [{60BC5D15-6BDE-48CE-A1F3-220D15C2DFDD}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6A17B749-DC74-46E5-9372-143DA0658AF0}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{D1255087-7376-482A-9997-246634CE9C89}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{3288B3B5-C77A-4E44-8B9A-3380D4679FBF}] => (Allow) C:\Program Files (x86)\PowerISO\PowerISO.exe
FirewallRules: [{6E2601F2-02AB-4D75-BE72-ED4D258538E9}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FEE5923B-4360-48B6-8921-ADF4A4D7FF64}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{22A4CDB9-0712-421B-A4F5-47328E5673E2}] => (Allow) LPort=7935
FirewallRules: [{6FDEC213-17B7-449F-A107-AA36C0B3CB02}] => (Allow) C:\Windows\SysWOW64\router.exe
FirewallRules: [TCP Query User{B0CA7870-EE47-4CD0-AE1D-840F0019323E}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [UDP Query User{A35E3EB5-8AE3-4C09-A4DB-024B80BCD2A4}C:\program files\java\jdk1.7.0_75\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_75\bin\jmc.exe
FirewallRules: [TCP Query User{7294E9ED-8FF7-43D3-B62D-640521C54937}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{D1388B3A-DDC7-416E-BAB4-993690A1BF3A}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{BE2522F0-A7BC-429B-A14D-6ADF52657A8E}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CF44B602-D564-4384-B8C6-565D3BD0C9D6}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 10\Anime Studio Pro x64.exe
FirewallRules: [{CC846382-CC29-4046-A8DB-D39D3375CC9D}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{60CB4EC5-7966-44CA-999C-4E623543290A}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{48B2E9D5-9083-4DAB-9A59-8CC242D86704}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{5E3F9622-3508-450F-9C87-5FF416430443}] => (Allow) C:\Program Files (x86)\Smith Micro\Anime Studio Pro 11\Anime Studio Pro Win32.exe
FirewallRules: [{526BD3DF-653B-4ABD-93DA-0A65DCEBC387}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{11C51389-8697-4972-83E3-0DA53541B953}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{8C089F28-6842-444C-8022-39AC99CAE226}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{91A56486-9729-4326-9EFA-432BB85D8F21}] => (Allow) C:\Program Files\Smith Micro\Anime Studio Pro 11\Anime Studio Pro x64.exe
FirewallRules: [{0A90557A-DA7B-477D-B9A2-32ABC7026234}] => (Allow) LPort=17234
FirewallRules: [{F724E459-45E6-4AD0-98CB-50B4B5068122}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{0EA1ACAC-67E7-4B25-B10C-AB3D7AC8B4FB}] => (Allow) C:\Program Files\Intel\GPA\2013 R3\gpamonitor.exe
FirewallRules: [{7D8BFB07-6AF2-4380-8E48-FD2B18D910F6}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{6418B01D-8DFA-4722-8942-AF673C661486}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{592A0725-5F25-40EF-9DB3-7C6E823657E0}] => (Allow) C:\Program Files\Avid\Application Manager\jre\bin\java.exe
FirewallRules: [{7109E65B-E4A1-4B09-8A8C-C7A4D7C00EA1}] => (Allow) C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe
FirewallRules: [{02FE2634-D65F-4430-B855-A78C6BAE88FD}] => (Allow) C:\Program Files\Avid\Application Manager\AvidAppManHelper.exe
FirewallRules: [{D8BE8888-629A-4AFA-B6E0-75E40B4E3F23}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{8AE424B6-BFB7-455B-AE17-5D821A455C6A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EC9EB48D-E841-4687-B421-45BCD07D0EC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8A3BF257-E86D-4A8D-945A-F475DAF09348}] => (Allow) C:\Program Files\SuperBeam\SuperBeam.exe
FirewallRules: [{A519E786-F885-47A0-AC8C-2AA235288156}] => (Allow) C:\Program Files\SuperBeam\app\ssl-proxy
FirewallRules: [{F6C97284-8D40-4FC7-BC40-75B818AA48DA}] => (Allow) LPort=8080
FirewallRules: [{D1D458A2-2D9D-4467-B5AD-6FBE36B636DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
04-05-2018 14:53:23 Buddy safe
04-05-2018 16:34:55 Windows Backup
07-05-2018 23:50:06 Removed Java SE Development Kit 7 Update 75 (64-bit)
08-05-2018 00:06:31 Removed Java 8 Update 171
08-05-2018 00:24:50 Removed Java 8 Update 171 (64-bit)
08-05-2018 00:26:05 Removed Microsoft Silverlight
09-05-2018 15:50:55 Removed Bonjour
09-05-2018 19:44:45 Removed VMware Workstation
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/10/2018 01:00:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/10/2018 12:56:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Error: (05/10/2018 12:36:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
==================== Memory info ===========================
Processor: Intel® Core i5 CPU M 450 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 5812.5 MB
Available physical RAM: 2775.73 MB
Total Virtual: 11952.71 MB
Available Virtual: 8449.58 MB
==================== Drives ================================
Drive c: (Disk4) (Fixed) (Total:529.09 GB) (Free:229.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Disk2) (Fixed) (Total:402.32 GB) (Free:168.33 GB) NTFS
\\?\Volume{05205e46-78e8-11e3-9a7e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 01C54DC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=402.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529.1 GB) - (Type=0F Extended)
==================== End of Addition.txt ============================