(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1470516769-2615172817-1183874788-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) BootExecute: autocheck autochk * sdnclean64.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = BHO: No Name -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File Toolbar: HKLM-x32 - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S1 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X] U2 TMAgent; no ImagePath C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 C:\Windows\system32\sdnclean64.exe C:\Users\Public\Desktop\Post Win10 Spybot-install.exe C:\Windows\System32\Tasks\Safer-Networking C:\ProgramData\Spybot - Search & Destroy C:\Program Files (x86)\Spybot - Search & Destroy 2 Task: {2B38B855-5225-4889-87FF-2C38779E4D17} - System32\Tasks\{B8BD9EE9-A420-49F6-B0E2-968D9B7A272F} => pcalua.exe -a G:\sp60425.exe -d G:\ Task: {6D8E7680-3F7E-44D1-8636-7F4D6BA8301B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {98375F9B-9127-4050-86FD-9525457EF7AE} - \Yahoo! Search Updater -> No File <==== ATTENTION Task: {AFB70A89-66A8-4F0F-9625-1F8E01D88754} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {D6819BCF-21F8-4367-932F-6BCB130F3C92} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {EC2A85C2-2BFC-43D0-AC12-C2EF52F50720} - System32\Tasks\{21AE8124-8458-444D-9E45-3D0FC1C06D61} => G:\sp60425.exe G:\sp60425.exe AlternateDataStreams: C:\$Recycle.Bin:Mac_Metadata [42] AlternateDataStreams: C:\$WINDOWS.~BT:Mac_Metadata [42] AlternateDataStreams: C:\.fseventsd:Mac_Metadata [42] AlternateDataStreams: C:\.Trashes:AFP_AfpInfo [130] AlternateDataStreams: C:\.Trashes:Mac_Metadata [42] AlternateDataStreams: C:\Config.Msi:Mac_Metadata [42] AlternateDataStreams: C:\Downloads2:AFP_AfpInfo [130] AlternateDataStreams: C:\Downloads2:Mac_Metadata [42] AlternateDataStreams: C:\IPH.PH:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData:Mac_Metadata [42] AlternateDataStreams: C:\Recovery:Mac_Metadata [42] AlternateDataStreams: C:\System Volume Information:Mac_Metadata [0] AlternateDataStreams: C:\Program Files\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Program Files\Uninstall Information:Mac_Metadata [42] AlternateDataStreams: C:\Program Files (x86)\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Program Files (x86)\InstallShield Installation Information:Mac_Metadata [42] AlternateDataStreams: C:\Program Files (x86)\Uninstall Information:Mac_Metadata [42] AlternateDataStreams: C:\Windows\Installer:Mac_Metadata [42] AlternateDataStreams: C:\Windows\WindowsShell.Manifest:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-ums-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\GroupPolicy:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\BCD-Template.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{0370feb2-df96-11e3-893b-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{0370feb2-df96-11e3-893b-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{0370feb2-df96-11e3-893b-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{14fdf8f2-d2de-11e3-b4b8-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{14fdf8f2-d2de-11e3-b4b8-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{14fdf8f2-d2de-11e3-b4b8-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{19004a3a-0c7d-11e4-b150-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{19004a3a-0c7d-11e4-b150-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{19004a3a-0c7d-11e4-b150-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{1a4e9582-85bf-11e3-89fe-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{1a4e9582-85bf-11e3-89fe-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{1a4e9582-85bf-11e3-89fe-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{2bc1def3-3f1a-11e3-8a8b-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{2bc1def3-3f1a-11e3-8a8b-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{2bc1def3-3f1a-11e3-8a8b-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{415c54d0-d038-11e2-88d8-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{415c54d0-d038-11e2-88d8-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{415c54d0-d038-11e2-88d8-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{43c353b3-2446-11e5-a579-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{43c353b3-2446-11e5-a579-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{43c353b3-2446-11e5-a579-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{49d822bc-1943-11e5-ba58-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{49d822bc-1943-11e5-ba58-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{49d822bc-1943-11e5-ba58-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{4c3b403f-81be-11e5-9af1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{4c3b403f-81be-11e5-9af1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{4c3b403f-81be-11e5-9af1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d57-9602-11e4-8a7f-00038a000015}.TxR.0.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d57-9602-11e4-8a7f-00038a000015}.TxR.1.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d57-9602-11e4-8a7f-00038a000015}.TxR.2.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d57-9602-11e4-8a7f-00038a000015}.TxR.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d58-9602-11e4-8a7f-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d58-9602-11e4-8a7f-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{53bc6d58-9602-11e4-8a7f-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{57508df3-8575-11e5-a024-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{57508df3-8575-11e5-a024-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{57508df3-8575-11e5-a024-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{58b40b7a-dbbd-11e5-8a5c-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{58b40b7a-dbbd-11e5-8a5c-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{58b40b7a-dbbd-11e5-8a5c-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{6b848b62-81a3-11e5-bea6-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{6b848b62-81a3-11e5-bea6-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{6b848b62-81a3-11e5-bea6-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{7c4a4ea2-78a9-11e4-b97a-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{7c4a4ea2-78a9-11e4-b97a-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{7c4a4ea2-78a9-11e4-b97a-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{833dc829-2327-11e5-8f54-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{833dc829-2327-11e5-8f54-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{833dc829-2327-11e5-8f54-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{892dbbaa-90ff-11e2-bb3f-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{892dbbaa-90ff-11e2-bb3f-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{892dbbaa-90ff-11e2-bb3f-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c7-97b9-11e4-a5ec-00038a000015}.TxR.0.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c7-97b9-11e4-a5ec-00038a000015}.TxR.1.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c7-97b9-11e4-a5ec-00038a000015}.TxR.2.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c7-97b9-11e4-a5ec-00038a000015}.TxR.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c8-97b9-11e4-a5ec-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c8-97b9-11e4-a5ec-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{912573c8-97b9-11e4-a5ec-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{96cf5a25-b7a8-11e5-8959-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{96cf5a25-b7a8-11e5-8959-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{96cf5a25-b7a8-11e5-8959-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9e823bb8-238b-11e3-b3c9-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9e823bb8-238b-11e3-b3c9-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9e823bb8-238b-11e3-b3c9-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9ed4dda0-6799-11e5-a2cd-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9ed4dda0-6799-11e5-a2cd-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{9ed4dda0-6799-11e5-a2cd-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bb-6dad-11e4-9f13-00038a000015}.TxR.0.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bb-6dad-11e4-9f13-00038a000015}.TxR.1.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bb-6dad-11e4-9f13-00038a000015}.TxR.2.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bb-6dad-11e4-9f13-00038a000015}.TxR.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bc-6dad-11e4-9f13-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bc-6dad-11e4-9f13-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{a8cd64bc-6dad-11e4-9f13-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ace4824f-78e5-11e5-b131-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ace4824f-78e5-11e5-b131-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ace4824f-78e5-11e5-b131-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ad6458da-ae8b-11e5-b11e-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ad6458da-ae8b-11e5-b11e-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ad6458da-ae8b-11e5-b11e-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b20adfed-5676-11e5-83d5-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b20adfed-5676-11e5-83d5-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b20adfed-5676-11e5-83d5-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5288b8e-7e86-11e4-b55e-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5288b8e-7e86-11e4-b55e-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5288b8e-7e86-11e4-b55e-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5394ab9-763d-11e3-9d97-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5394ab9-763d-11e3-9d97-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b5394ab9-763d-11e3-9d97-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b8b2f8b8-80a3-11e3-ab47-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b8b2f8b8-80a3-11e3-ab47-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{b8b2f8b8-80a3-11e3-ab47-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{bc59378b-86b8-11e2-9e3c-c823a5666a8b}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{bc59378b-86b8-11e2-9e3c-c823a5666a8b}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\COMPONENTS{bc59378b-86b8-11e2-9e3c-c823a5666a8b}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{bc7a88af-d397-11e3-8289-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{bc7a88af-d397-11e3-8289-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{bc7a88af-d397-11e3-8289-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c5bda3f9-c34a-11e2-b466-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c5bda3f9-c34a-11e2-b466-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c5bda3f9-c34a-11e2-b466-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c7024d52-5266-11e4-8e6a-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c7024d52-5266-11e4-8e6a-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{c7024d52-5266-11e4-8e6a-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{cdc789f7-ba34-11e2-9e53-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{cdc789f7-ba34-11e2-9e53-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{cdc789f7-ba34-11e2-9e53-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{d098e7c3-0309-11e4-ab90-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{d098e7c3-0309-11e4-ab90-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{d098e7c3-0309-11e4-ab90-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df150012-1d60-11e3-9964-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df150012-1d60-11e3-9964-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df150012-1d60-11e3-9964-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df8e29e5-f0d7-11e4-8865-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df8e29e5-f0d7-11e4-8865-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{df8e29e5-f0d7-11e4-8865-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e0e9f687-a210-11e3-91bd-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e0e9f687-a210-11e3-91bd-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e0e9f687-a210-11e3-91bd-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e888aac3-c459-11e5-a54c-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e888aac3-c459-11e5-a54c-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{e888aac3-c459-11e5-a54c-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ea5cfed2-5d60-11e4-8ce4-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ea5cfed2-5d60-11e4-8ce4-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{ea5cfed2-5d60-11e4-8ce4-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{eef1ec63-6c44-11e5-a2f4-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{eef1ec63-6c44-11e5-a2f4-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{eef1ec63-6c44-11e5-a2f4-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{f1a055af-f469-11e5-9976-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{f1a055af-f469-11e5-9976-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\components{f1a055af-f469-11e5-9976-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\DEFAULT.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SAM.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SAM.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SAM.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SECURITY.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SOFTWARE.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\config\SYSTEM.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf:Mac_Metadata [42] AlternateDataStreams: C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf:Mac_Metadata [42] AlternateDataStreams: C:\Users\All Users:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default User:Mac_Metadata [42] AlternateDataStreams: C:\Users\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\AppData:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572d8c-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572d8c-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572d8c-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572daa-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572daa-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Administrator\ntuser.dat{dc572daa-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Application Data:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Desktop:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Favorites:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572d90-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572d90-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572d90-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572dae-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572dae-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.dat{dc572dae-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\ntuser.pol:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\AppData:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Desktop:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Favorites:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Libraries:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572d97-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572d97-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572d97-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572db5-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572db5-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\ntuser.dat{dc572db5-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Desktop\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Downloads\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\Cookies:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{77065c7d-ba33-11e2-88f9-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{77065c7d-ba33-11e2-88f9-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{77065c7d-ba33-11e2-88f9-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{ea5cfec4-5d60-11e4-8ce4-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{ea5cfec4-5d60-11e4-8ce4-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.dat{ea5cfec4-5d60-11e4-8ce4-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\ntuser.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\Desktop\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Local\EmieBrowserModeList:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Local\EmieSiteList:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Local\EmieUserList:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Local\History:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Local\Temporary Internet Files:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\Documents\Default.rdp:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\Documents\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\Documents\Downloads:AFP_AfpInfo [130] AlternateDataStreams: C:\Users\Richard\Documents\Downloads:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat.LOG1:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat.LOG2:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572d9b-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572d9b-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572d9b-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572db9-f674-11e5-87f1-00038a000015}.TM.blf:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572db9-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000001.regtrans-ms:Mac_Metadata [42] AlternateDataStreams: C:\Users\WOUTempAdmin\ntuser.dat{dc572db9-f674-11e5-87f1-00038a000015}.TMContainer00000000000000000002.regtrans-ms:Mac_Metadata [42] RemoveProxy: CMD: bitsadmin /reset /allusers CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state on Hosts: EmptyTemp: