Hello.
I've been having some malware issues. Have scanned with a host of AM and AV, removed some items but some issues persist:
-Some kind of DNS hijacker (RogueKiller finds DHCPnameserver) but it keeps coming back. In chrome before visiting any site it says "waiting for xxx.freddysrentals.xxx" before eventually taking me to the right site. Some older pages are now not loading at all.
-Computer CPU was spiking at 100% even when idle. Nothing too out of the ordinary in the processes, but seems like scvhost.exe was taking up the most and was possible root kit. Might have removed this today with MBAR.
Attaching a bunch of reports here. Really appreciate any assistance you can provide. Thanks so much!
Master Boot Record:
Computer Specs:
FRST
AdwCleaner Report
I've been having some malware issues. Have scanned with a host of AM and AV, removed some items but some issues persist:
-Some kind of DNS hijacker (RogueKiller finds DHCPnameserver) but it keeps coming back. In chrome before visiting any site it says "waiting for xxx.freddysrentals.xxx" before eventually taking me to the right site. Some older pages are now not loading at all.
-Computer CPU was spiking at 100% even when idle. Nothing too out of the ordinary in the processes, but seems like scvhost.exe was taking up the most and was possible root kit. Might have removed this today with MBAR.
Attaching a bunch of reports here. Really appreciate any assistance you can provide. Thanks so much!
Master Boot Record:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 17:45:04
-----------------------------
17:45:04.371 OS Version: Windows x64 6.2.9200
17:45:04.372 Number of processors: 8 586 0x3A09
17:45:04.387 ComputerName: JIRICOMPUTER UserName: SamSwanson
17:45:05.575 Initialize success
17:45:06.451 VM: initialized successfully
17:45:06.453 VM: Intel CPU BiosDisabled
17:45:38.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000003e
17:45:38.081 Disk 0 Vendor: TOSHIBA_DT01ACA300 MX6OABB0 Size: 2861588MB BusType: 11
17:45:38.098 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003f
17:45:38.099 Disk 1 Vendor: OCZ-AGILITY4 1.5.2 Size: 244198MB BusType: 11
17:45:38.117 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000041
17:45:38.119 Disk 2 Vendor: WDC_WD30EZRZ-00Z5HB0 80.00A80 Size: 2861588MB BusType: 11
17:45:38.144 Disk 1 MBR read successfully
17:45:38.147 Disk 1 MBR scan
17:45:38.149 Disk 1 Windows 7 default MBR code
17:45:38.151 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
17:45:38.154 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 243846 MB offset 718848
17:45:38.166 Disk 1 scanning C:\WINDOWS\system32\drivers
17:45:40.101 Service scanning
17:45:44.621 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
17:45:45.350 Modules scanning
17:45:45.356 Disk 1 trace - called modules:
17:45:45.361 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
17:45:45.366 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffb406311e7060]
17:45:45.369 3 CLASSPNP.SYS[fffff803881a5efb] -> nt!IofCallDriver -> [0xffffb40630240e40]
17:45:45.374 5 ACPI.sys[fffff80386d54571] -> nt!IofCallDriver -> \Device\0000003f[0xffffb406301fa060]
17:45:45.377 Disk 1 statistics 159841/0/0 @ 65.09 MB/s
17:45:45.385 Scan finished successfully
17:46:35.298 Disk 1 MBR has been saved successfully to "C:\Users\SamSwanson\Desktop\Computer fix\MBR.dat"
17:46:35.310 The log file has been saved successfully to "C:\Users\SamSwanson\Desktop\Computer fix\aswMBR.txt"
Computer Specs:
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 32716 Mb
Graphics Card: NVIDIA GeForce GTX 660 Ti, -2048 Mb
Hard Drives: C: 238 GB (113 GB Free); R: 2794 GB (1153 GB Free); S: 2794 GB (1561 GB Free);
Motherboard: ASUSTeK COMPUTER INC., P8Z77-V LX
Antivirus: Webroot SecureAnywhere, Enabled and Updated
FRST
Addition:Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by SamSwanson (administrator) on JIRICOMPUTER (01-03-2017 17:43:28)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Loaded Profiles: SamSwanson (Available Profiles: SamSwanson)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Dashlane, Inc.) C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Flux Software LLC) C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-02-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-02-11] (Malwarebytes)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched (1)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (2)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (3)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-12-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-12-28] ()
HKLM-x32\...\Run: [CheckNDISPortf0ac3e] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CheckNDISPort_df.exe [465664 2014-03-26] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CancelAutoPlay_df.exe [446720 2014-03-26] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-06-29] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-31] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
HKLM-x32\...\Run: [UATrayIcon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe [3804160 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [UAPerfMon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe [5964288 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1265256 2017-01-25] (Carbonite, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Dashlane] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-02-22] (Dashlane, Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1433200 2012-11-09] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [F.lux] => C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (1)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (2)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (3)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (4)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DashlanePlugin] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-02-20] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify Web Helper] => C:\Users\SamSwanson\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify] => C:\Users\SamSwanson\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update] => C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2016-08-15] (Disc Soft Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2012-12-25] (Arainia Solutions)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-20] (Piriform Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B] => C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe [1144152 2017-02-28] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2016-08-23]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-25]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EffectRack.lnk [2016-08-11]
ShortcutTarget: EffectRack.lnk -> C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe ()
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2016-08-16]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
BootExecute: autocheck autochk * sdnclean64.exePartizan
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [NameServer] 74.82.42.42,192.168.0.1
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{a56f0fe6-a65d-419a-9a9d-a9f8c86c22bd}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{c09f412c-6a39-48fa-9e06-9f815d6e9d25}: [NameServer] 8.8.8.8,8.8.4.4
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF DefaultProfile: scoho7@gmail.com
FF ProfilePath: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default [2017-03-01]
FF NewTab: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\lncyg2i6.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:blank
FF Keyword.URL: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF Extension: (Dashlane) - C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\Extensions\jetpack-extension@dashlane.com.xpi [2017-01-05]
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-01-27]
FF SearchPlugin: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\searchplugins\google-avast.xml [2015-01-06]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll [2012-11-17] ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @citrixonline.com/appdetectorplugin -> C:\Users\SamSwanson\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/O1DPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-12-03]
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp:\/\/www.search.ask.com\/?gct=hp
CHR DefaultSearchURL: Default -> hxxp:\/\/www.search.ask.com\/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp:\/\/ssmsp.ask.com\/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (mention) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdbnpodkgflemjpckmcdgabbmefpfnb [2014-06-12]
CHR Extension: (Send using Gmail™ (no button)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2014-06-12]
CHR Extension: (Angry Birds) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Sortd Smart Skin for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni [2016-05-07]
CHR Extension: (Google Drive) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Audiense) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm [2016-03-11]
CHR Extension: (Session Manager) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-04-11]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2016-08-06]
CHR Extension: (Turn Off the Lights) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24]
CHR Extension: (ColorZilla) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-04-01]
CHR Extension: (My Shortcuts) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcpobipejlbogodeiendpdgcdambjgo [2013-06-05]
CHR Extension: (YouTube) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Minimalist for Everything) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2017-02-24]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2016-07-26]
CHR Extension: (Adblock Plus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (TaskMilk) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\chieodlkhimccchlojdmiondhiggkhmf [2013-06-05]
CHR Extension: (uBlock Origin) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-07]
CHR Extension: (FullContact for Gmail™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnaibnehbbinoohhjafknihmlopdhhip [2016-05-23]
CHR Extension: (Speechify) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalapoeljdklkcfjkecafidnojkfpohn [2013-06-05]
CHR Extension: (MozBar) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-08-10]
CHR Extension: (NYTimes) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-06-05]
CHR Extension: (Session Buddy) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-27]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]
CHR Extension: (Silver Bird) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2017-02-24]
CHR Extension: (Symtica) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fafldeedegmfkdkolgpcopgfcdidgbjk [2013-06-05]
CHR Extension: (After the Deadline) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho [2014-08-22]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-07-29]
CHR Extension: (Dashlane) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-08-11]
CHR Extension: (Google Sheets) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Stylish) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-05]
CHR Extension: (HTTPS Everywhere) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-07-21]
CHR Extension: (Cestujlevne.com notifikátor) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\genojieiefkacjcapigbigafhebnmdfp [2016-05-27]
CHR Extension: (Facebook™ Chat Privacy) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (Pinterest Save Button) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]
CHR Extension: (Reader Plus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcknjkmaaeinhdjgimjnophgpbdgfmg [2013-06-05]
CHR Extension: (Rapportive) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-12-13]
CHR Extension: (Select To Get Maps) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha [2013-06-05]
CHR Extension: (feedly) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-08-31]
CHR Extension: (Remember The Milk for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphjpfmagbhbdfhdndglcccmhdjhjjce [2014-12-17]
CHR Extension: (goo.gl URL Shortener) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-05-14]
CHR Extension: (ModHeader) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-23]
CHR Extension: (Proxmate) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2016-04-27]
CHR Extension: (Social Fixer for Facebook) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-13]
CHR Extension: (Forecastfox) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-06-05]
CHR Extension: (Power Twitter for Google Chrome™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieehhjfejnoljbnnhfnhibcjhmifffo [2013-06-05]
CHR Extension: (Mail2Cloud for Chrome
Revolutionizing Email) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2016-05-23]
CHR Extension: (Imagus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-05-27]
CHR Extension: (Spreed - speed read the web) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-03-27]
CHR Extension: (IDM Integration Module) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-04-11]
CHR Extension: (WhoWorks.At) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj [2013-06-20]
CHR Extension: (Disconnect) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-22]
CHR Extension: (Google +1 Button) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-04-11]
CHR Extension: (Attachments.me) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhphhbgmckofodhphhiflhkhibdilddi [2013-06-05]
CHR Extension: (Image Search by Cooliris) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk [2013-06-05]
CHR Extension: (Bananatag Email Tracking) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-01-06]
CHR Extension: (Speed Dial 2) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-05-30]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (StumbleUpon) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-04-11]
CHR Extension: (Google Voice (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-04-11]
CHR Extension: (Super Full Feeds for Google Reader™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbjahpecnkenngkidhioicnfpakihgo [2013-06-05]
CHR Extension: (Webroot Filtering Extension) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-08-04]
CHR Extension: (StayFocusd) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-05]
CHR Extension: (UglyEmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-06-18]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2013-06-05]
CHR Extension: (InvisibleHand) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2016-07-13]
CHR Extension: (AwardWallet) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2016-05-12]
CHR Extension: (Yahoo! Axis) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbilcmekbcocfaiofmdokibplmongfil [2013-06-05]
CHR Extension: (TV Countdown) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\meiipljgihfjofljlgkjiellhjdjchhi [2014-09-11]
CHR Extension: (Chrome Downloads) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhaaapflafeapcmgbphlmealldkomfbe [2013-06-05]
CHR Extension: (Search Box) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2013-06-05]
CHR Extension: (Ghostery) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2014-10-20]
CHR Extension: (MailTrack for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-08-11]
CHR Extension: (Save to Pocket) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-20]
CHR Extension: (YSlow) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2013-06-05]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Better Pop Up Blocker) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-06-05]
CHR Extension: (Buffer) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-07-29]
CHR Extension: (Original Minimalist Email) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\npppajnlimcafecjepdjcijnoamopngp [2013-06-05]
CHR Extension: (Google Reader Snow Leopard) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhahfkkedakkpdfmjeakfginobldlai [2013-06-05]
CHR Extension: (Readlang Web Reader) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2016-06-28]
CHR Extension: (Facebook Styler) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibchndgminbbeopaejobnnajfjgkcnk [2013-06-05]
CHR Extension: (SEO Global For Google Search™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2013-06-05]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-01]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-08-11]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2016-06-22]
CHR Extension: (Header Hacker) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnffahgegfkcobeaapbenpmdnkifigc [2013-06-05]
CHR Extension: (Evernote Web Clipper) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-06-28]
CHR Extension: (Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Extension: (Streak CRM for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-22]
CHR Extension: (Media Hint) - C:\Users\SamSwanson\mediahint [2017-02-20] [UpdateUrl: hxxps://127.0.0.1] <==== ATTENTION
CHR HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\SamSwanson\AppData\Local\Alexa\atbpg-HyChcu-1.3.crx [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-31] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-10-31] ()
R2 AnonVPN VPN; C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe [127336 2016-05-24] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-10-31] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-01-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2014-01-07] (ASUSTeK Computer Inc.) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-13] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-13] (COMODO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2016-08-15] (Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2012-12-25] (Arainia Solutions)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-11] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-06-10] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-06-10] (Intel(R) Corporation)
S2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-10-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-02-11] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2016-06-29] (Acronis)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-26] (NVIDIA Corporation)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-13] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-06-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2017-02-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14936 2012-08-17] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [54336 2016-09-08] (COMODO)
R3 DDMF_Audio; C:\WINDOWS\system32\drivers\DDMFaudio.sys [28456 2015-07-15] (DDMF)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-02-11] ()
R0 FancyRd; C:\WINDOWS\System32\drivers\fancyrd.sys [188352 2012-06-24] (Romex Software)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-10-31] (Acronis International GmbH)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-25] (Arainia Solutions LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-24] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-22] (REALiX(tm))
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 iLokDrvr; C:\WINDOWS\System32\drivers\iLokDrvr.sys [25808 2013-10-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [23832 2012-08-13] (Intel Corporation)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LoopBe30; C:\WINDOWS\system32\drivers\loopbe30.sys [16896 2011-02-26] (nerds.de)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-03-01] (Malwarebytes)
R3 MBOX; C:\WINDOWS\system32\DRIVERS\AvidMbox.sys [464616 2016-08-15] (Avid)
R3 MBOXDFU; C:\WINDOWS\System32\drivers\AvidMbox_DFU.sys [31464 2016-08-15] (Avid)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [322768 2012-11-15] (Mediafour Corporation)
R0 MDPMGRNT; C:\WINDOWS\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41688 2016-06-10] (Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-25] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [67800 2016-06-10] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-10] (NVIDIA Corporation)
R3 OXYGEN; C:\WINDOWS\system32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-02-24] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-22] (Realtek )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-25] (SoftEther Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-16] (Tobias Erichsen)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-10-31] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-10-31] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-10-31] (Acronis International GmbH)
R3 UAD2Pcie; C:\WINDOWS\System32\drivers\UAD2Pcie.sys [82752 2016-11-03] (Universal Audio, Inc.)
R3 UAD2System; C:\WINDOWS\System32\drivers\UAD2System.sys [134464 2016-11-03] (Universal Audio, Inc.)
R3 UAD2WdmAudio; C:\WINDOWS\system32\DRIVERS\UAD2WdmAudio.sys [27968 2016-11-03] ()
R3 VBAudioHFVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2014-03-07] (Windows (R) Win 7 DDK provider)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-06-29] (Acronis International GmbH)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2014-01-03] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-27] (Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-10-11] (Webroot)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-11] (Zemana Ltd.)
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 ManyCam; \SystemRoot\system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; \SystemRoot\system32\drivers\mcaudrv_x64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Overloud
2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\ProgramData\Overloud
2017-03-01 13:43 - 2017-03-01 13:43 - 00154624 _____ C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls
2017-03-01 12:43 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\ESET
2017-02-28 22:48 - 2017-03-01 13:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-28 14:25 - 2017-02-28 14:25 - 00000000 ____D C:\ProgramData\MetaQuotes
2017-02-28 14:24 - 2017-02-28 14:24 - 00002075 _____ C:\Users\Public\Desktop\Tradeo - MetaTrader 4.lnk
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\Program Files (x86)\Tradeo - MetaTrader 4
2017-02-27 23:05 - 2017-02-27 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-02-25 14:26 - 2017-02-25 14:26 - 00038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys
2017-02-25 14:23 - 2017-03-01 13:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-02-25 14:23 - 2017-02-25 14:23 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2017-02-25 14:23 - 2017-02-25 14:23 - 00051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys
2017-02-25 14:23 - 2017-02-25 14:23 - 00001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-25 14:23 - 2017-02-25 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-24 18:44 - 2017-03-01 13:45 - 00000984 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-02-24 18:41 - 2017-02-24 18:41 - 00000000 ____D C:\@RestoreQuarantine
2017-02-24 18:28 - 2017-02-24 23:58 - 00000000 ____D C:\ProgramData\RegRun
2017-02-24 18:27 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\Documents\RegRun2
2017-02-24 18:27 - 2017-02-24 18:27 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-02-24 18:27 - 2017-02-24 18:27 - 00003424 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-02-24 18:26 - 2017-03-01 10:10 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-02-24 18:26 - 2017-02-24 18:30 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-02-24 18:26 - 2017-02-24 18:26 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-02-24 18:26 - 2017-02-24 18:26 - 00014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-02-24 18:26 - 2017-02-24 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-02-24 16:57 - 2017-02-24 16:57 - 06971584 _____ (Tim Kosse) C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\Program Files\MetaTrader 5
2017-02-23 01:04 - 2017-02-23 01:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\MetaQuotes
2017-02-21 16:25 - 2017-02-21 16:26 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-02-21 15:52 - 2017-02-21 16:01 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 15:25 - 2017-02-21 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-21 15:24 - 2017-02-21 15:24 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-21 14:47 - 2017-02-21 14:47 - 00000120 ___RH C:\Users\SamSwanson\Desktop\Stinger.opt
2017-02-21 14:39 - 2017-02-21 14:47 - 00000000 ____D C:\Program Files\stinger
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\Program Files\McAfee
2017-02-20 21:33 - 2017-02-20 21:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\PackageStaging
2017-02-20 21:31 - 2017-02-20 21:31 - 00000000 ____D C:\WINDOWS\Panther
2017-02-20 21:05 - 2017-02-20 21:05 - 00000000 ____D C:\WINDOWS\pss
2017-02-20 21:01 - 2017-02-20 21:01 - 00003786 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-20 20:33 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-02-20 20:24 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-19 17:20 - 2017-02-19 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-19 16:28 - 2017-03-01 17:43 - 00000000 ____D C:\FRST
2017-02-16 11:45 - 2017-02-24 17:06 - 00000869 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2017-02-16 00:59 - 2017-02-16 00:59 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonVPN
2017-02-15 21:57 - 2017-02-15 21:57 - 00002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-15 21:52 - 2017-03-01 17:44 - 00000000 ____D C:\Users\SamSwanson\Desktop\Computer fix
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Program Files (x86)\HomeDev
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Toshiba Corporation
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\ProgramData\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Program Files (x86)\Toshiba Corporation
2017-02-15 17:03 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FreshDiagnose
2017-02-15 16:57 - 2017-02-15 16:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\JxBrowser
2017-02-13 16:16 - 2017-02-13 16:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-13 14:56 - 2017-02-13 16:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-13 14:26 - 2017-02-13 14:26 - 00100984 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142617.gnucash
2017-02-13 14:24 - 2017-02-13 14:24 - 00100834 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142442.gnucash
2017-02-13 00:03 - 2017-02-13 00:03 - 00000000 ____D C:\ProgramData\Sophos
2017-02-13 00:00 - 2017-02-13 00:00 - 04656523 _____ C:\Users\SamSwanson\Downloads\tdsskiller.zip
2017-02-13 00:00 - 2017-02-13 00:00 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\55447846.sys
2017-02-12 18:19 - 2017-02-12 18:19 - 00014856 ____N C:\bootsqm.dat
2017-02-11 16:08 - 2017-03-01 13:46 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 16:08 - 2017-03-01 13:45 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 16:08 - 2017-03-01 13:45 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iPod
2017-02-11 15:29 - 2017-03-01 17:44 - 00134454 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-11 15:29 - 2017-03-01 17:44 - 00093083 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-10 22:40 - 2017-02-10 22:40 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Zemana
2017-02-10 22:39 - 2017-02-10 22:39 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-10 22:39 - 2017-02-10 22:39 - 00002398 _____ C:\WINDOWS\system32\.crusader
2017-02-10 22:27 - 2017-02-10 22:27 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-10 22:26 - 2017-02-10 22:39 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-10 20:18 - 2017-02-10 20:18 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 20:17 - 2016-12-16 01:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 20:17 - 2016-12-16 01:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 20:12 - 2017-02-10 20:17 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-10 20:09 - 2017-02-10 20:17 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-10 20:02 - 2017-02-10 20:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Chromium
2017-02-10 20:02 - 2017-01-20 19:41 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-10 20:01 - 2017-02-10 20:01 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-01-26 09:15 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-10 19:58 - 2017-02-10 20:01 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-10 19:58 - 2017-02-10 19:59 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-10 13:29 - 2017-02-20 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 10:43 - 2017-02-10 20:15 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 10:42 - 2017-02-08 10:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 10:08 - 2017-02-28 15:41 - 00002590 _____ C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-02-08 10:08 - 2017-02-28 15:41 - 00002582 _____ C:\Users\SamSwanson\Desktop\Google Chrome Canary.lnk
2017-01-31 00:10 - 2017-02-16 13:28 - 00000000 ____D C:\Users\SamSwanson\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-01 17:37 - 2016-08-11 19:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-01 15:42 - 2016-06-13 10:39 - 00000096 _____ C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2017-03-01 15:42 - 2014-01-22 13:15 - 00000128 _____ C:\ProgramData\autobk.inc
2017-03-01 15:42 - 2012-12-27 05:17 - 00000000 ____D C:\ProgramData\ValhallaRoom
2017-03-01 13:58 - 2013-05-04 00:13 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA
2017-03-01 13:58 - 2012-10-14 18:47 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX
2017-03-01 13:56 - 2012-12-24 01:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\vlc
2017-03-01 13:53 - 2016-11-23 15:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-01 13:49 - 2016-08-11 19:48 - 00829958 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-01 13:47 - 2015-07-24 10:55 - 00000000 ____D C:\ProgramData\WRData
2017-03-01 13:46 - 2012-12-23 13:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Ditto
2017-03-01 13:45 - 2016-08-11 19:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 13:45 - 2014-06-15 15:30 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 13:45 - 2012-12-26 18:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-01 13:45 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-01 13:44 - 2016-07-16 07:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-03-01 13:43 - 2012-12-23 10:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Packages
2017-03-01 13:11 - 2013-02-28 11:48 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\CrashDumps
2017-03-01 11:24 - 2012-12-24 01:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spotify
2017-03-01 10:32 - 2016-02-15 14:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-01 10:18 - 2012-12-23 12:27 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Spotify
2017-03-01 10:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\tracing
2017-03-01 00:07 - 2016-01-11 10:36 - 00000000 ____D C:\Users\Public\Documents\ExponentialAudioLogs
2017-02-27 18:03 - 2016-06-29 15:03 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-26 20:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 14:58 - 2012-12-23 13:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\REAPER
2017-02-25 14:26 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-25 14:03 - 2016-08-12 14:55 - 00000051 _____ C:\Users\SamSwanson\deletedRoute.txt
2017-02-25 14:03 - 2016-08-12 14:54 - 00009424 _____ C:\Users\SamSwanson\AnonVPN.ovpn
2017-02-25 10:26 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 19:51 - 2015-02-14 01:28 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Mp3tag
2017-02-24 18:40 - 2016-08-31 16:31 - 00000000 ____D C:\Program Files\Handbrake
2017-02-24 18:40 - 2014-08-03 21:04 - 00000000 ____D C:\Program Files (x86)\KDNicheFinder
2017-02-24 17:06 - 2012-12-23 13:18 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-02-24 16:58 - 2013-02-17 13:21 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FileZilla
2017-02-24 11:36 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\iZotope
2017-02-23 00:26 - 2016-12-14 23:19 - 00000000 ____D C:\Users\SamSwanson\Desktop\Travel Plans
2017-02-22 17:26 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Dashlane
2017-02-22 17:25 - 2014-03-07 00:23 - 00002013 _____ C:\Users\SamSwanson\Desktop\Dashlane.lnk
2017-02-22 17:25 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-22 14:40 - 2016-06-05 17:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-22 09:57 - 2017-01-12 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 09:57 - 2016-12-03 22:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-22 01:23 - 2016-12-03 22:13 - 00003986 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 00:10 - 2013-01-09 06:42 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Nitro PDF
2017-02-21 20:08 - 2016-02-27 01:27 - 00000000 ____D C:\AdwCleaner
2017-02-21 17:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 16:44 - 2016-12-03 21:06 - 00000000 ____D C:\Program Files\CCleaner
2017-02-21 16:09 - 2016-12-18 13:41 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Electrum
2017-02-21 16:09 - 2015-12-02 13:37 - 03123997 _____ C:\Users\SamSwanson\Desktop\Money 4 Music.epub
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Joey Sturgis Tones
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\Program Files\Joey Sturgis Tones
2017-02-21 15:32 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-02-21 14:39 - 2016-06-13 17:53 - 00000000 ____D C:\QUARANTINE
2017-02-20 21:36 - 2016-08-11 19:38 - 00000000 ____D C:\Users\SamSwanson
2017-02-20 21:31 - 2012-12-23 10:57 - 00000000 ____D C:\WINDOWS\CSC
2017-02-20 21:29 - 2016-12-05 18:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-20 21:28 - 2016-08-11 19:35 - 04961528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-20 21:26 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 21:19 - 2016-03-30 16:21 - 00000000 ____D C:\Users\SamSwanson\Desktop\Social Media Course
2017-02-20 21:19 - 2014-06-07 09:57 - 00000000 ____D C:\Users\SamSwanson\mediahint
2017-02-20 21:19 - 2014-04-04 13:18 - 00000000 ____D C:\Users\SamSwanson\Desktop\Drumatom
2017-02-20 21:19 - 2013-08-05 18:07 - 00000000 ____D C:\Users\SamSwanson\Desktop\StudioPhotoShoot
2017-02-20 21:19 - 2013-02-21 13:15 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DisplayFusion
2017-02-20 21:19 - 2013-01-03 18:33 - 00000000 ____D C:\Users\SamSwanson\Documents\TAX
2017-02-20 21:17 - 2012-12-23 11:50 - 06096688 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-20 20:33 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\Program Files\Calibre2
2017-02-20 20:24 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files\Java
2017-02-20 20:21 - 2016-08-15 14:52 - 00605984 _____ (www.patchmypc.net) C:\Users\SamSwanson\Desktop\PatchMyPC.exe
2017-02-20 17:51 - 2016-02-15 14:24 - 00007602 _____ C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2017-02-19 17:20 - 2016-04-21 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-19 14:24 - 2015-07-15 20:46 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DDMF Effect Rack
2017-02-19 11:52 - 2014-08-24 11:43 - 00000000 ____D C:\Program Files (x86)\Media Gobbler, Inc
2017-02-19 11:52 - 2013-06-05 10:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-19 11:52 - 2012-12-23 13:38 - 00000000 ____D C:\ProgramData\Gobbler
2017-02-18 21:47 - 2013-02-17 14:33 - 00000000 ____D C:\ProgramData\ValhallaUberMod
2017-02-16 17:07 - 2014-02-10 03:09 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spectrasonics
2017-02-16 11:45 - 2016-11-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2017-02-16 00:59 - 2016-08-12 14:54 - 00001150 _____ C:\Users\SamSwanson\Desktop\AnonVPN.lnk
2017-02-16 00:59 - 2016-08-12 14:54 - 00000000 ____D C:\Program Files (x86)\AnonVPN
2017-02-15 22:06 - 2015-01-11 23:36 - 00007710 _____ C:\WINDOWS\system32\--traceoff
2017-02-15 22:04 - 2012-12-27 22:58 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2017-02-15 22:03 - 2014-09-13 15:35 - 00000000 ____D C:\Program Files\iZotope
2017-02-15 22:03 - 2012-12-25 00:35 - 00000000 ____D C:\Users\SamSwanson\Documents\iZotope
2017-02-15 22:03 - 2012-12-25 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-02-15 22:03 - 2012-12-25 00:29 - 00000000 ____D C:\Program Files (x86)\iZotope
2017-02-15 22:03 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\VSTPlugIns
2017-02-15 22:02 - 2012-12-23 13:11 - 00000000 ____D C:\Program Files (x86)\Growl for Windows
2017-02-15 22:01 - 2014-02-12 13:01 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2017-02-15 22:01 - 2012-12-24 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 22:00 - 2013-09-12 14:56 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Citrix
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Copy
2017-02-15 21:59 - 2013-05-26 16:02 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-02-15 18:43 - 2013-06-20 07:57 - 01418640 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-02-13 15:55 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconfd
2017-02-13 15:41 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconf
2017-02-13 15:14 - 2015-06-13 09:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 14:26 - 2016-06-13 13:37 - 00100965 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash
2017-02-12 00:07 - 2013-03-09 22:52 - 00000132 _____ C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-02-11 16:12 - 2012-12-23 13:01 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Skype
2017-02-11 16:07 - 2016-06-05 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\TeamViewer
2017-02-11 16:07 - 2014-06-15 15:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-11 16:07 - 2012-12-26 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 16:06 - 2016-08-15 15:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-11 16:06 - 2012-12-23 12:27 - 00000000 ____D C:\ProgramData\Skype
2017-02-11 16:04 - 2016-08-11 19:50 - 00003096 _____ C:\WINDOWS\System32\Tasks\Process Lasso Core Engine Only
2017-02-11 16:04 - 2013-07-10 17:57 - 00000000 ____D C:\Program Files\Process Lasso
2017-02-11 16:04 - 2012-12-23 12:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-11 16:00 - 2016-08-15 14:58 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-11 16:00 - 2016-08-15 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 16:00 - 2013-02-21 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 12:25 - 2014-01-12 15:06 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA Corporation
2017-02-10 22:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-10 22:39 - 2015-06-24 20:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\mgyun
2017-02-10 20:20 - 2013-03-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 20:20 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 20:17 - 2016-12-16 01:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2016-12-16 01:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2015-12-01 17:32 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 20:17 - 2015-12-01 17:32 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 20:12 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 20:11 - 2016-08-11 20:08 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 20:11 - 2016-07-16 15:29 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-10 20:11 - 2012-12-23 12:43 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-10 20:01 - 2013-07-05 05:36 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA
2017-02-10 20:01 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 18:50 - 2013-09-17 09:45 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Smart PC Solutions
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Solutions
2017-02-10 13:34 - 2016-11-22 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-09 15:39 - 2015-12-20 01:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\boost_interprocess
2017-02-09 15:39 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Celemony Software GmbH
2017-02-08 23:41 - 2012-12-24 06:23 - 00000000 ____D C:\ProgramData\Slate Digital
2017-02-08 19:27 - 2016-03-02 16:15 - 00001919 _____ C:\Users\Public\Documents\Lurssen TimeLimitReadExpiration.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000292 _____ C:\Users\Public\Documents\Lurssen TimeLimitGenerateLockNames Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000095 _____ C:\Users\Public\Documents\Lorssen Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000069 _____ C:\Users\Public\Documents\Lurssen CopyProt Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000008 _____ C:\Users\Public\Documents\Lurssen TimeLimitWriteOneProductSettings.txt
2017-02-08 10:42 - 2017-01-04 15:19 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437653.dll
2017-02-08 10:42 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437653.dll
2017-02-07 17:49 - 2013-06-27 14:37 - 00005632 _____ C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-06 20:48 - 2014-08-27 13:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 20:31 - 2013-05-26 16:03 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Audacity
2017-02-03 11:38 - 2015-06-30 19:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\ssd_sampler
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-02-02 16:47 - 2012-12-22 22:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\AVS4YOU
2017-02-02 16:46 - 2012-12-22 22:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
==================== Files in the root of some directories =======
2013-01-09 05:51 - 2012-10-02 21:03 - 2712200 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2016-10-29 19:23 - 2016-10-29 19:23 - 2722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2016-10-29 19:23 - 2016-10-29 19:23 - 0056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2013-07-29 18:50 - 2013-07-29 18:50 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-11 13:27 - 2015-08-13 11:46 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-03-09 22:52 - 2017-02-12 00:07 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-12 22:10 - 2014-02-12 22:10 - 0000005 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_496F4C99-60AD-5b9e-AC1B-FA060E643C04.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_F4F01109-C336-401f-BDE4-7C1926744104.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FAB01109-C336-401f-BDE4-AB1926744111.dll
2014-01-26 19:56 - 2014-01-26 19:56 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545103.dll
2016-06-13 10:39 - 2017-03-01 15:42 - 0000096 _____ () C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2016-04-24 21:15 - 2016-06-09 10:20 - 0033783 _____ () C:\Users\SamSwanson\AppData\Roaming\net.telestream.wirecast.xml
2013-06-27 14:37 - 2017-02-07 17:49 - 0005632 _____ () C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-17 14:25 - 2015-03-17 14:25 - 0000600 _____ () C:\Users\SamSwanson\AppData\Local\PUTTY.RND
2016-06-15 14:58 - 2016-06-15 14:58 - 0000218 _____ () C:\Users\SamSwanson\AppData\Local\recently-used.xbel
2016-02-15 14:24 - 2017-02-20 17:51 - 0007602 _____ () C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2014-01-22 13:15 - 2017-03-01 15:42 - 0000128 _____ () C:\ProgramData\autobk.inc
2016-08-11 19:35 - 2016-08-11 19:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-22 11:21 - 2014-01-22 11:21 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-01-22 02:03 - 2014-01-22 02:04 - 0000454 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-03 11:42 - 2017-01-03 10:19 - 0000253 _____ () C:\ProgramData\SoundToys_Problem_Log.txt
Some files in TEMP:
====================
2017-03-01 10:32 - 2016-12-09 12:17 - 1886344 _____ (Microsoft Corporation) C:\Users\SamSwanson\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-21 11:10
==================== End of FRST.txt ============================
Rkill Report:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by SamSwanson (01-03-2017 17:44:34)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Windows 10 Pro Version 1607 (X64) (2016-08-11 18:53:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3236326594-2611474830-2656184370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3236326594-2611474830-2656184370-503 - Limited - Disabled)
Guest (S-1-5-21-3236326594-2611474830-2656184370-501 - Limited - Disabled)
SamSwanson (S-1-5-21-3236326594-2611474830-2656184370-1001 - Administrator - Enabled) => C:\Users\SamSwanson
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
+10db version 1.0.4 (HKLM\...\+10db_is1) (Version: 1.0.4 - Boz Digital Labs)
112dB Big Blue Compressor 1.0.3-r3719 (HKLM\...\112dB Big Blue Compressor 1.0.3-r3719) (Version: 1.0.3-r3719 - 112dB)
112dB Big Blue Limiter 1.1.3-r3719 (HKLM\...\112dB Big Blue Limiter 1.1.3-r3719) (Version: 1.1.3-r3719 - 112dB)
112dB Redline Equalizer 1.0.5-r3719 (HKLM\...\112dB Redline Equalizer 1.0.5-r3719) (Version: 1.0.5-r3719 - 112dB)
112dB Redline Reverb 1.0.10-r3810 (HKLM\...\112dB Redline Reverb 1.0.10-r3810) (Version: 1.0.10-r3810 - 112dB)
2C-Audio Aether (HKLM-x32\...\Aether) (Version: - )
2C-Audio Breeze (HKLM-x32\...\Breeze) (Version: - 2C-Audio)
6030 Ultimate Comp Native (HKLM-x32\...\{96B75FC3-D48A-4F8B-8BC7-5C2728797E4E}) (Version: 6.0.9 - McDSP)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AATranslator (HKLM-x32\...\{7400C259-1F2E-4FF2-9037-860BF239F39D}) (Version: 4.0.0.2 - Suite Spot Studios)
Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6 (HKLM-x32\...\Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0.1 (HKLM-x32\...\Abbeyroadplugins EMI RS 124 Compressor_is1) (Version: - )
Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1 (HKLM-x32\...\Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2 (HKLM-x32\...\Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1) (Version: - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
acustica AcquaVox (HKLM-x32\...\AcquaVox) (Version: - )
Acustica Audio D361A (HKLM-x32\...\D361A Win x64) (Version: 1.3.609.0 - Acustica Audio)
Acustica Audio EQP1 (HKLM-x32\...\EQP1 Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio NEO (HKLM-x32\...\NEO Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio REDEQ (HKLM-x32\...\REDEQ Win x64) (Version: 1.3.760.0 - Acustica Audio)
Acustica Audio TAN (HKLM-x32\...\TAN Win x64) (Version: 1.4.072.0 - Acustica Audio)
Acustica Audio TITANIUM3B (HKLM-x32\...\TITANIUM3B Win x64) (Version: 1.3.827.0 - Acustica Audio)
Acustica Audio TRINITYEQ (HKLM-x32\...\TRINITYEQ Win x64) (Version: 1.3.687.0 - Acustica Audio)
AcusticaAudio Nebula3 (HKLM-x32\...\Nebula3) (Version: - )
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Amazon Kindle) (Version: - Amazon)
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.3 - IK Multimedia)
AmpliTube 3 version 3.11.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.11.0 - IK Multimedia)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
AnonVPN 1.0.5.5 (HKLM-x32\...\AnonVPN) (Version: 1.0.5.5 - AnonVPN.io)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares AVOX Evo VST RTAS v3.0.2 (HKLM-x32\...\Antares AVOX Evo VST RTAS_is1) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARC System 2 version 2.1.0 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.1.0 - IK Multimedia)
ArcSoft Portrait+ 3 (HKLM-x32\...\{40BB5B1A-6008-4348-8C24-116B654C7ECD}) (Version: 3.0.0.401 - ArcSoft)
ARIA Engine v1.8.4.8 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.8 - Plogue Art et Technologie, Inc)
Articulate Storyline (x32 Version: 1.02.02 - Articulate) Hidden
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version: - VB-Audio Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
atomiccleaner3 version 1.3.4.1 (HKLM-x32\...\{0D6AB211-A181-4F42-AEB4-127C40BF67EF}_is1) (Version: 1.3.4.1 - atomicware)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version: - )
AudioEase Speakersphone VST RTAS v1.03 (HKLM-x32\...\AudioEase Speakersphone VST RTAS_is1) (Version: - Audio Ease)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{01C898E1-38A7-49B1-9398-49E40636E2C5}) (Version: 9.0 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid Mbox Driver 1.1.10 (x64) (HKLM\...\{35BAD2B7-E2EF-4A06-80A2-C6C2F23B8F3E}) (Version: 1.1.10 - Avid)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.10 - Avid Technology, Inc.)
AVOX Evo VST (HKLM-x32\...\{65AA5B18-A330-4F35-BCDF-EA85EC888906}) (Version: 3.0.0 - Antares Audio Technologies)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.0.5.510 - Online Media Technologies Ltd.)
Black Rooster Audio Plugin Pack (HKLM\...\Black Rooster Audio Plugin Pack_is1) (Version: - Black Rooster Audio)
BWF MetaEdit 1.3.0 (HKLM\...\BWF MetaEdit) (Version: 1.3.0 - FADGI)
calibre 64bit (HKLM\...\{82EA8033-0AE6-4C1A-91B6-D24BED49AB73}) (Version: 2.79.1 - Kovid Goyal)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Carbonite (HKLM-x32\...\{C7D98EFB-A351-4098-B474-1A5B362DB648}) (Version: 6.2.2 build 6819 (Jan-25-2017) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDSoundMaster NICE-EQ-VST-TUBE-FREE (HKLM-x32\...\NICE-EQ-VST-TUBE-FREE) (Version: - )
CDSoundMaster N-TEN-AT4-Bell-Free-64 (HKLM-x32\...\N-TEN-AT4-Bell-Free-64) (Version: - )
CDS-VTC-FREE-PC-VST-64-BIT THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT (HKLM-x32\...\THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT) (Version: - )
Celemony Melodyne Studio 4 (HKLM-x32\...\Celemony Melodyne Studio 4) (Version: 4.0.4.004 - Celemony)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
CP Control (HKLM-x32\...\CP Control) (Version: - )
CrystalDiskInfo 7.0.5 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
D16 Group Repeater (HKLM\...\Repeater_is1) (Version: 1.0.0 - D16 Group)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dashlane) (Version: 4.6.7.25343 - Dashlane SAS)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Diamond Cut Forensics8 (HKLM-x32\...\{38C8BBB6-716E-4486-A386-C8D3242959C5}) (Version: 8.10 - Diamond Cut Productions)
DisplayFusion 5.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.0.0 - Binary Fortress Software)
Ditto (HKLM-x32\...\Ditto_is1) (Version: - Scott Brogden)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DMG Audio Track Range (HKLM\...\Track Range_is1) (Version: 1.0.0 - DMG Audio)
DMGAudio EQuilibrium 1.04 (HKLM-x32\...\DMGAudio EQuilibrium_is1) (Version: - DMGAudio)
DMGAudio Essence 1.00 (HKLM-x32\...\DMGAudio Essence_is1) (Version: - DMGAudio)
DMGAudio Limitless 1.00 (HKLM-x32\...\DMGAudio Limitless_is1) (Version: - DMGAudio)
DragonDisk 1.05 (HKLM-x32\...\{7914B94-1234-44D2-0864-0348EBF012AC}_is1) (Version: - Almageste)
Dropbox (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)
Drum Leveler version 1.0.0 (HKLM\...\{94B8FDA3-877B-4EB8-A3E9-5D476329F15D}_is1) (Version: 1.0.0 - Sound Radix)
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version: - )
Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0912.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ElastikVst (HKLM-x32\...\{92F027CB-BDF9-4047-A654-13A050908158}) (Version: 1.00.0000 - ueberschall sample service GmbH)
ElastikVst (x32 Version: 1.00.0000 - ueberschall sample service GmbH) Hidden
Electrum (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Electrum) (Version: 2.7.12 - Electrum Technologies GmbH)
EmpressPlugins.Tremolo.VST.v1.0 (HKLM-x32\...\EmpressPlugins Tremolo_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Flux) (Version: - )
FabFilter Pro-C 2.00 (64-bit) (HKLM-x32\...\FabFilter Pro-C 2.00 (64-bit)) (Version: - )
FG-X (HKLM\...\Slate Digital FG-X_is1) (Version: - Slate Digital)
FG-X Virtual Mastering Console (HKLM\...\FG-X Virtual Mastering Console_is1) (Version: - Slate Digital)
Fidelify (HKLM-x32\...\Fidelify) (Version: - )
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Flux Full Pack 2.2 (HKLM\...\Full Pack 2.2_is1) (Version: 3.5.25.44238 - Flux)
Flux Junger Audio Level Magic 5.1 (HKLM-x32\...\Flux Junger Audio Level Magic 5.1) (Version: 3.4.6 - Flux)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 3.2 - ArcticLine Software)
Genwaveaudio Genwave EQ VST v1.0 (HKLM-x32\...\Genwaveaudio Genwave EQ VST_is1) (Version: - )
GIZMO (HKLM-x32\...\{D0529F5A-C45C-40C0-8457-6A5AF24ABC6E}) (Version: 3.21.4000 - ants Inc.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Gobbler (HKLM-x32\...\{C7CE54DC-7AD2-48A8-BB2E-F7C6A8E40BB5}) (Version: 0.21.75.0 - Media Gobbler, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Google Chrome SxS) (Version: 58.0.3026.0 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Head Crusher version 1.6 (HKLM\...\Head Crusher_is1) (Version: 1.6 - )
Helium Audio Converter (build 461) (HKLM-x32\...\{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1) (Version: 2.0.0.461 - Imploded Software)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
HoRNet AutoGain Pro MK2 (HKLM\...\AutoGain Pro MK2_is1) (Version: 2.0.1 - HoRNet)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
iLok Client Helper (HKLM-x32\...\InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}) (Version: 5.9.7 - PACE Anti-Piracy, Inc.)
iLok Client Helper (x32 Version: 5.9.7 - PACE Anti-Piracy, Inc.) Hidden
Imperial Delay version 1.5.8 (HKLM\...\Imperial Delay_is1) (Version: 1.5.8 - )
Intel Extreme Tuning Utility (HKLM-x32\...\{7360EE49-7004-4626-A85A-CC48C2D63700}) (Version: 3.2.0.24 - Intel Corporation)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Network Connections 18.6.110.0 (HKLM\...\PROSetDX) (Version: 18.6.110.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
ISL (HKLM\...\ISL_is1) (Version: - NUGEN Audio)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
IVGI version 1.0.0 (HKLM\...\IVGI_is1) (Version: 1.0.0 - )
Ivideon Server (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Ivideon Server) (Version: 3.5.6.1213 - Ivideon)
iZotope BreakTweaker (HKLM-x32\...\iZotope BreakTweaker_is1) (Version: 1.00 - iZotope, Inc.)
iZotope BreakTweaker Factory Content (HKLM-x32\...\iZotope BreakTweaker Factory Content_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Ozone 6 Advanced (HKLM-x32\...\iZotope Ozone 6 Advanced_is1) (Version: 6.00 - iZotope, Inc.)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
iZotope VocalSynth (HKLM-x32\...\VocalSynth 1.0) (Version: 1.0 - iZotope, Inc.)
Jack (HKLM-x32\...\Jack) (Version: - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kazrog LLC Recabinet 3 VST RTAS v3.1.0 (HKLM\...\Kazrog LLC Recabinet 3_is1) (Version: - )
KD Niche Finder (HKLM-x32\...\KD Niche Finder1.0.0.2) (Version: 1.0.0.2 - AppBreed Software of InnAnTech Industries Inc.)
KDPublishingPro (HKLM-x32\...\{067A07C1-7A31-4881-B53D-DF4CBB865112}) (Version: 1.4.12 - KDPublishingPro.com)
KDPublishingPro (HKLM-x32\...\{215E8D21-F375-4D03-A31F-79CBE44FFB4A}) (Version: 1.2.8 - KDPublishingPro.com)
KDSubmitterPro (HKLM-x32\...\{E1817648-6DF6-400F-BD1B-B5D9E9BD745D}) (Version: 1.0.0 - KDSubmitterPro.com)
Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - )
K-Lite Codec Pack 9.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kush Audio Clariphonic v1.0 (HKLM\...\Clariphonic_is1) (Version: - Kush Audio)
Lexicon PSP 42 64bit (HKLM\...\Lexicon PSP 42 64bit) (Version: 1.6.2 64bit - PSPaudioware.com)
Liquid Notes version 1.5.2.1 (HKLM\...\{5AC1D63D-6772-417E-B7B8-1E5F686D9703}_is1) (Version: 1.5.2.1 - Re-Compose)
Litecoin (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
Litecoin Core (64-bit) (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin Core (64-bit)) (Version: 0.10.4.0 - Litecoin Core project)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LoopBe30 - Internal MIDI Ports (HKLM-x32\...\LoopBe30) (Version: - )
Lurssen Mastering Console version 1.0.0 (HKLM\...\{9F525466-89DA-4B7B-BD8C-BBFDC4432DFB}_is1) (Version: 1.0.0 - IK Multimedia)
M30 Reverb (HKLM-x32\...\M30 Reverb) (Version: 1.0.0.1 - TC Electronic)
MacDrive 9 Pro (HKLM\...\{C1521748-8700-4CA0-92F1-46CE26DEDC7D}) (Version: 9.0.4.21 - Mediafour Corporation)
Magic AB VST-x64 1.2.2 (HKLM\...\{6893EEE5-B48F-47a9-81DC-CD54E7767B35}) (Version: 1.2.2 - Sample Magic)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manic Compressor version 1.0.3 (HKLM\...\Manic Compressor_is1) (Version: 1.0.3 - )
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.92.51 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.92.51 - Alliance Software Pty Ltd) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1027 - Marvell)
Massey VST Demos (Remove only) (HKLM-x32\...\Massey VST Demos) (Version: - )
MathewLane DrMS Spatial Processor VST RTAS v3.2 (HKLM-x32\...\MathewLane DrMS Spatial Processor_is1) (Version: - )
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.3.1000 - Maxthon International Limited)
McGill English Dictionary of Rhyme & Verse Perfect 2.0 (HKLM-x32\...\McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1) (Version: - Bryant McGill / McGill International)
MeldaProduction Audio Plugins 10 (HKLM-x32\...\MeldaProduction Audio Plugins 10) (Version: - MeldaProduction)
MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 (x32 Version: 3.2.0202 - Celemony Software GmbH) Hidden
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Mic Mod EFX VST (HKLM-x32\...\{A77728D4-DF6E-42A9-926C-5164BBF1EA72}) (Version: 1.0.4 - Antares Audio Technologies)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
MJUC version 1.0.1 (HKLM\...\MJUC_is1) (Version: 1.0.1 - )
MJUCjr version 1.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.0.0 - )
Mobile Hotspot Admin (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Monofilter v4.0 (HKLM\...\Monofilter4_is1) (Version: - NUGEN Audio)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Nalpeiron Service Update to 6.3.9.2 (x32 Version: 7.3.1 - Nalpeiron) Hidden
Native Instruments Abbey Road 50s Drummer (HKLM-x32\...\Native Instruments Abbey Road 50s Drummer) (Version: 1.2.0.10 - Native Instruments)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version: - Native Instruments)
Native Instruments Alicias Keys 1.2 (HKLM-x32\...\Native Instruments Alicias Keys 1.2) (Version: - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.5.254 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: - Native Instruments)
Native Instruments Elektrik Piano 1.5 (HKLM-x32\...\Native Instruments Elektrik Piano 1.5) (Version: - )
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.0.0.31 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
Native Instruments Session Horns Pro (HKLM-x32\...\Native Instruments Session Horns Pro) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Symphony Series Brass Solo (HKLM-x32\...\Native Instruments Symphony Series Brass Solo) (Version: 1.1.0.19 - Native Instruments)
Native Instruments Symphony Series String Ensemble (HKLM-x32\...\Native Instruments Symphony Series String Ensemble) (Version: 1.1.0.7 - Native Instruments)
Native Instruments Symphony Series Woodwind Solo (HKLM-x32\...\Native Instruments Symphony Series Woodwind Solo) (Version: 1.0.0.11 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: 1.2.0.7 - Native Instruments)
Native Instruments The Grandeur (HKLM-x32\...\Native Instruments The Grandeur) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments)
nebula3 CM (HKLM-x32\...\{5354D5F2-342D-43DD-A361-B65BF7AABE1D}) (Version: 1.2.837 - Acusticaaudio)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Neutron Advanced (HKLM-x32\...\Neutron Advanced 1.0) (Version: 1.0 - iZotope, Inc.)
NF VST 64-bit Installer (HKLM-x32\...\NF VST 64-bit Installer1.0.3) (Version: 1.0.3 - Nomad Factory)
Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Output Movement (HKLM-x32\...\Output Movement) (Version: 1.0.3 - Output)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.) Hidden
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version: - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pi version 1.0.11 (HKLM\...\{CFA5721A-9AA1-4D77-BBC2-78E40216FDAB}_is1) (Version: 1.0.11 - Sound Radix)
PITCHMAP VST-x64 1.6.1 (HKLM\...\{F9754DD6-985B-4e93-A96B-837EE5415F61}) (Version: 1.6.1 - Zynaptiq)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plogue chipsounds v1.848 (HKLM\...\__ARIA_1009___is1) (Version: v1.848 - Plogue)
Plogue chipspeech v1.016 (HKLM\...\__ARIA_1017___is1) (Version: v1.016 - Plogue)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Primo Ramdisk Server Edition 5.6.0 (HKLM\...\{94B97E1E-9B67-4012-A126-6319E211A298}_is1) (Version: 5.6.0 - Romex Software)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.94 - Bitsum)
PSP 2Meters 64bit (HKLM-x32\...\PSP 2Meters 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP 608 MultiDelay 64bit (HKLM\...\PSP 608 MultiDelay 64bit) (Version: 1.6.1 64bit - PSPaudioware.com)
PSP 85 64bit (HKLM-x32\...\PSP 85 64bit) (Version: 1.1.0 64bit - PSPaudioware.com)
PSP BussPressor 64bit (HKLM\...\PSP BussPressor 64bit) (Version: 1.0.3 64bit - PSPaudioware.com)
PSP Echo 64bit (HKLM\...\PSP Echo 64bit) (Version: 1.0.1 64bit - PSPaudioware.com)
PSP MasterComp 1.7.1 64bit (HKLM-x32\...\PSP MasterComp 1.7.1 64bit) (Version: 1.7.1 64bit - PSPaudioware.com)
PSP McQ 64bit (HKLM-x32\...\PSP McQ 64bit) (Version: 1.8.0 64bit - PSPaudioware.com)
PSP Neon 64bit (HKLM\...\PSP Neon 64bit) (Version: 2.0.3 64bit - PSPaudioware.com)
PSP NobleQ 64bit (HKLM\...\PSP NobleQ 64bit) (Version: 1.7.0 64bit - PSPaudioware.com)
PSP oldTimer 64bit (HKLM\...\PSP oldTimer 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP PianoVerb2 64bit (HKLM-x32\...\PSP PianoVerb2 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP SpringBox 64bit (HKLM-x32\...\PSP SpringBox 64bit) (Version: 1.0.0 64bit - PSPaudioware.com)
PSP Xenon 1.3.0 64bit (HKLM-x32\...\PSP Xenon 1.3.0 64bit) (Version: 1.3.0 64bit - PSPaudioware.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.3.0 (64-bit) (HKLM\...\{290329c4-a276-3aec-b633-9f5a39d8dd96}) (Version: 3.3.150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rank Tracker (HKLM-x32\...\seopowersuite) (Version: - )
Rapid SEO Tool 1.3 (HKLM-x32\...\Rapid SEO Tool_is1) (Version: 1.3 - Karlis Blumentals)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Reference 3 VST plugin (32-bit) 3 (HKLM-x32\...\{7627424F-7CB0-471B-AB55-A39F6995C4F0}) (Version: 3.2.11 - Sonarworks)
Reference 3 VST plugin (64-bit) 3 (HKLM\...\{510D6D02-214D-4264-A4FD-96DBD82ACFED}) (Version: 3.2.11 - Sonarworks)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Relab LX480 Lite VST v1.0 (HKLM-x32\...\Relab LX480 Lite_is1) (Version: - )
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rhyme Genie (HKLM-x32\...\{E48A1AFC-5649-4CC2-B8E1-BD92022C4CC4}) (Version: 6.0 - Idolumic)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)
Sasquatch version 1.2.0 (HKLM\...\Sasquatch_is1) (Version: 1.2.0 - )
SEQ1 Master (HKLM-x32\...\SEQ1 Master_is1) (Version: - NuGen Audio)
SEQ2 Master (HKLM-x32\...\SEQ2 Master_is1) (Version: - NuGen Audio)
SEQ-S (HKLM\...\SEQ-S_is1) (Version: - NUGEN Audio)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
S-GEAR 2 (HKLM\...\S-GEAR 2 CE_is1) (Version: 2.5.7 - Scuffham Amps)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SideWidener version 1.0.2 (HKLM\...\SideWidener_is1) (Version: 1.0.2 - )
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\slack) (Version: 2.1.0 - Slack Technologies)
Slate Digital TRIGGER (HKLM-x32\...\SlateDigitalTrigger) (Version: 1.65 - Slate Digital)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Sniper Elite (HKLM-x32\...\Steam App 3700) (Version: - Rebellion Developments)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Softube Acoustic Feedback VST RTAS v1.0.7 (HKLM-x32\...\Softube Acoustic Feedback VST RTAS_is1) (Version: - )
Softube Bass Amp Room VST RTAS v1.0.2 (HKLM-x32\...\Softube Bass Amp Room VST RTAS_is1) (Version: - )
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version: - )
Softube Metal Amp Room VST RTAS v1.1.5 (HKLM-x32\...\Softube Metal Amp Room VST RTAS_is1) (Version: - )
Softube Passive-Active Pack VST RTAS v1.0.2 (HKLM-x32\...\Softube Passive-Active Pack VST RTAS_is1) (Version: - )
Softube Spring Reverb VST RTAS v1.0.4 (HKLM-x32\...\Softube Spring Reverb VST RTAS_is1) (Version: - )
Softube Trident A-Range VST RTAS v1.0.2 (HKLM-x32\...\Softube Trident A-Range VST RTAS_is1) (Version: - )
Softube Tube Delay VST RTAS v1.0.5 (HKLM-x32\...\Softube Tube Delay VST RTAS_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Softube Vintage Amp Room VST RTAS v1.0.8 (HKLM-x32\...\Softube Vintage Amp Room VST RTAS_is1) (Version: - )
Sonalksis Plug-in Manager 3.00 (HKLM-x32\...\{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1) (Version: - Sonalksis Ltd)
Sonarworks HD reference 2.2 (HKLM-x32\...\{F76463A9-42A2-47D5-B7D4-8838523E64E4}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks HD Reference VST plugin (64-bit) 2.2 (HKLM\...\{3F08FE5F-23E4-423B-A929-8247E4D5193A}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks Reference 3 (HKLM-x32\...\{E8A1DAEE-C491-4833-8D3B-AA8F3E0098AE}) (Version: 3.2.11 - Sonarworks)
SONiVOX Harmonica (HKLM-x32\...\SONiVOX Harmonica) (Version: 1.0 - SONiVOX)
SONiVOX VocalizerPro (HKLM-x32\...\SONiVOX VocalizerPro_is1) (Version: - )
Sonoris Mastering Compressor (HKLM-x32\...\Sonoris Mastering Compressor) (Version: - Sonoris Audio Engineering)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{44DA67A9-C906-4316-94CB-61B036BBDCE5}) (Version: 1.04.02 - Creative Technology Limited)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
SSD Sampler (HKLM-x32\...\SSD4) (Version: 1.1 - Yellow Matter Entertainment)
SSD Utility (HKLM-x32\...\{3449D0CA-9D99-472B-B36C-A32A58AF18F5}) (Version: 2.2.2645 - Toshiba Corporation)
SSDlife Pro (HKLM-x32\...\{3D843494-7DC4-47C9-9E95-3543F0A4E7BC}) (Version: 2.3.56 - BinarySense Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stereoizer3 v3.1 (HKLM\...\Stereoizer3_is1) (Version: - NUGEN Audio)
Stereoplacer v3 (HKLM\...\Stereoplacer3_is1) (Version: - NUGEN Audio)
Sugar Bytes Looperator 1.0 (HKLM\...\Looperator_is1) (Version: 1.0 - Sugar Bytes)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Surfer EQ version 1.2.2 (HKLM\...\{B8D2A156-B2DE-47BD-9789-F1A850F060C1}_is1) (Version: 1.2.2 - Sound Radix)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
ToneBoosters Morphit (HKLM\...\Morphit_is1) (Version: 1.1.4 - ToneBoosters)
Tracker (HKLM-x32\...\com.elance.tracker) (Version: 2.3.3 - Elance Inc)
Tracker (x32 Version: 2.3.3 - Elance Inc) Hidden
T-RackS 3 Black 76 version 3.5 (HKLM\...\{7F0FEB55-6D4A-4892-8A04-3E1EC9001F49}_is1) (Version: 3.5 - IK Multimedia)
T-RackS 3 White 2A version 3.5 (HKLM\...\{4EE378E8-5B8C-4A56-837F-04986F44F14F}_is1) (Version: 3.5 - IK Multimedia)
T-RackS CS version 4.5.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.5.0 - IK Multimedia)
Trackspacer (HKLM\...\Trackspacer_is1) (Version: 2.0.4 - Wavesfactory)
Tradeo - MetaTrader 4 (HKLM-x32\...\Tradeo - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Transify version 1.3 (HKLM\...\Transify_is1) (Version: 1.3 - )
TuneSmith (HKLM-x32\...\{9061CD4C-6D8A-465B-A2DF-530DF94BCE4D}) (Version: 3.0 - Idolumic)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
UAD drivers. This may take a while... (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (HKLM-x32\...\{9b9c7089-62a6-4bba-887c-4b94398cc561}) (Version: 9.0.0.58759 - Universal Audio, Inc.)
UAD Powered Plug-Ins (Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
ubCore64 5.63 (HKLM-x32\...\InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}) (Version: - )
ubCore64 5.63 (Version: 5.63 - Unibrain) Hidden
UNCHIRP VST-x64 1.0.0 (HKLM\...\{FE7EB46F-1099-46e2-9165-D10058814B7D}) (Version: 1.0.0 - Zynaptiq)
UNFILTER VST-x64 1.2.1 (HKLM\...\{F74A8B13-C915-4CE2-ACE0-CC6845C9D89D}) (Version: 1.2.1 - Zynaptiq)
UnHackMe 8.60 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
URS Classic Console Strip Pro VST RTAS v1.0 (HKLM-x32\...\URS Classic Console Strip Pro VST RTAS_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics (HKLM\...\Slate Digital VerbSuite Classics_is1) (Version: 1.0.3.2 - Slate Digital)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
Virtual Buss Compressors (HKLM\...\Slate Digital Virtual Buss Compressors_is1) (Version: 1.2.7.7 - Slate Digital)
Virtual Tape Machines (HKLM\...\Slate Digital Virtual Tape Machines_is1) (Version: - Slate Digital)
VisLM v1.5.1 (HKLM\...\VisLM_is1) (Version: - NUGEN Audio)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visualizer v1.9.2 (HKLM-x32\...\Visualizer1_9_is1) (Version: - NuGen Audio)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VocALign Pro 4 VST (HKLM-x32\...\{EB77C666-B349-4046-8BD3-E4941119E1EF}) (Version: 4.00.0000 - Synchro Arts Ltd)
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.22 - Waves)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
Zynaptiq ADAPTIVERB (HKLM\...\ADAPTIVERB_is1) (Version: 1.1.0 - Zynaptiq)
Zynaptiq ADAPTIVERB (HKLM-x32\...\Zynaptiq ADAPTIVERB) (Version: 1.0.1 - Zynaptiq)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04EFF940-BF67-4191-9209-1125A09409A3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {05848826-F541-4A0C-B9F2-1611BC2C39B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} - \Auslogics\BoostSpeed\Start BoostSpeed оn SamSwanson logon -> No File <==== ATTENTION
Task: {08ABE768-2FEF-4170-8066-25BB5001F947} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {09888CEB-9E1F-4B6B-BF4A-DB2571F3F71B} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2016-08-15] (ASUSTeK Computer Inc.)
Task: {0F509641-76C6-4FAB-BEF3-CB600B547AC5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1471D492-58EE-4C44-BE77-AF989C926662} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1A41D700-2897-4BAA-A036-58E78AA05409} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1F8E022B-DD5B-4C81-B850-C98F8B88CD15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-20] (Piriform Ltd)
Task: {21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2012-12-25] (Arainia Solutions)
Task: {23972D0B-9EA4-444E-94E3-FEF38A46F53D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A3DFC4-D040-485E-B0C3-426340897B2A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {26678860-B1BB-4488-B82C-9D65CF436774} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {28DC6CF1-3441-4644-839D-CA8C38FCF81F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-26] (NVIDIA Corporation)
Task: {2A5F42E1-3D73-43DE-AD75-7C45767E1073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {34709417-D411-4C04-AC19-79E7834F99FF} - System32\Tasks\20160618_170750_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {355B0E4F-F22C-472D-80DF-8E171D2F3733} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-01-05] (Maxthon International ltd.)
Task: {36AD6884-E5D4-488D-95F6-FE8F55B41FAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-02-20] (Tweaking.com)
Task: {39DBE3EA-4037-4B26-AD52-FC269D6B2855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3BC80582-EF19-47C4-B5B2-6C63A4573C8E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {40305E3B-34DB-4DB3-B2A3-B9F92E3C5D26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {460D91C7-7A6C-4120-BDF1-351A93CF1157} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {4A2A02C8-A390-4ABD-A482-7FE54A9654CB} - System32\Tasks\open effects => C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe [2015-07-15] ()
Task: {4E2CFB07-EBB0-4549-8B69-C13637DFE808} - System32\Tasks\Patch My PC => C:\Users\SamSwanson\Desktop\PatchMyPC.exe [2017-02-20] (www.patchmypc.net)
Task: {52F29D63-FCB4-4A1A-BF18-02E57B5BE9A1} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)
Task: {5B36754A-B7BE-41F5-BE37-F12045B1C69B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} - \avastBCLRestartS-1-5-21-3236326594-2611474830-2656184370-1001 -> No File <==== ATTENTION
Task: {5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {63D37EC5-5EDB-47FF-9FD1-1EBEC107D223} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66365F28-CE4B-45AD-A996-337675E8A58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {668D7E1E-ED4D-47C9-90C6-0775FE94025F} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-01-10] (Intel Corporation)
Task: {697EFF5B-44E8-4A03-844A-5C3AD38E4FEA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6C09C286-EFF3-4AD4-8FB6-8392EB892C5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6C51BCE8-98E4-49AD-970F-82BA1B4FC324} - System32\Tasks\20160623_163758_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {6E398F56-89B4-4FC1-8AEA-E632E89C8918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6F7DD068-47F7-4EE2-B113-F6BC5435281D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {7388C649-BD6B-458E-BB7D-615016D011FC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {7C23857E-26FD-48C7-AADC-94F9F547CB5F} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-02-11] (Bitsum LLC)
Task: {7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8D7DD635-2A2D-4000-8D1F-4C6B77F8D80E} - System32\Tasks\Microsoft\Windows\PLA\System\{2BCE5899-48A6-4AB8-B3D9-62E4245605D0}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {95C752B4-7B0C-48D9-AE1C-3942F5D3BB76} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {96FDF968-3B9A-47A0-8729-22C64981D02C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9929E7D3-69C5-48B3-BD78-4DA035C80291} - System32\Tasks\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => pcalua.exe -a E:\ashampoo_firewall_free_1.20_sm.exe -d E:\
Task: {9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {9F6C043A-F8EF-4589-9123-0EF833FBDDE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-26] (NVIDIA Corporation)
Task: {A75CC2EA-C50E-4D36-AEA1-91212A6641DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-02-24] (Greatis Software)
Task: {AD2F8636-6963-4AAD-A26F-1D01E01200F0} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {BD2046AE-D49F-4ADD-BCDE-8005342B87D5} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {BDE36E30-62CC-4A29-816E-3A295DC2890B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C374DDAD-C0E9-49BF-A6B0-9ED56EB2165C} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2016-08-15] ()
Task: {C488B36A-662D-4D82-8D4E-7ACDD04C6206} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {CA31EB53-D7B0-4140-9BF1-68356F601421} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {D583F66C-8EAB-4249-8FEB-75F592B49722} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D6716D1C-E449-4AF6-8063-D330FAEA820B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D8D805E5-AFF8-477C-B46C-3A79C13D64E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E8E81B66-3E1E-448E-9EDA-61D64DB64920} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E8F94C64-88AA-4D59-AE81-D4BF8E78B677} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {F19205EB-384D-455D-99E3-6BC1A4840E68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F1C40402-4D4E-40EC-9F8D-55452716F7E0} - System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA} => pcalua.exe -a "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P\METROPOLIS Ark 2 Win Installer.exe" -d "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P"
Task: {F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F95AB783-6CE0-421A-B5CE-89C59CE572F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {FAD23CE4-F70B-4FE3-B9F6-F8719DFDC955} - System32\Tasks\Microsoft\Windows\PLA\System\{EC8853F4-75E4-4154-B078-27C2E7531492}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {FF6E9CA0-FA25-46F9-970E-F95E6DF9AFA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-12-23 12:43 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-07 16:14 - 2014-01-07 16:14 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-10-14 14:31 - 2016-10-31 09:17 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-10-31 09:17 - 2016-10-31 09:17 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2016-04-26 13:30 - 2016-04-26 13:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-05-24 01:09 - 2016-05-24 01:09 - 00127336 _____ () C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-23 12:26 - 2016-08-15 15:04 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-01-07 16:16 - 2013-01-14 16:37 - 01406776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2016-09-14 10:10 - 2016-09-14 10:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-12-23 11:43 - 2011-12-17 00:18 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-12-23 13:44 - 2012-11-09 03:17 - 01433200 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2014-02-18 21:52 - 2017-02-20 17:22 - 00544208 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-01-20 11:27 - 2015-07-15 21:28 - 03042304 _____ () C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
2016-10-14 14:48 - 2016-10-31 09:17 - 07382232 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2016-04-16 11:56 - 2016-06-29 11:01 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-02-28 15:41 - 2017-02-28 11:31 - 03759448 _____ () C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\58.0.3026.0\libglesv2.dll
2017-02-28 15:41 - 2017-02-28 11:31 - 00100696 _____ () C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\58.0.3026.0\libegl.dll
2014-01-07 16:14 - 2017-03-01 13:45 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-01-07 16:14 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-12-21 17:07 - 2014-12-21 17:07 - 00119822 _____ () C:\Program Files (x86)\AnonVPN\bin\libgcc_s_dw2-1.dll
2014-12-21 17:07 - 2014-12-21 17:07 - 01026062 _____ () C:\Program Files (x86)\AnonVPN\bin\libstdc++-6.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 14:48 - 2016-10-14 14:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 14:47 - 2016-10-14 14:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 17:05 - 2015-11-16 17:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 11:45 - 2016-04-16 11:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-02-10 20:01 - 2017-01-20 19:40 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-01-07 16:16 - 2013-01-14 17:16 - 05771136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-01-07 16:16 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-01-07 16:17 - 2012-08-03 16:41 - 00043520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-01-07 16:17 - 2012-08-03 16:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-01-07 16:16 - 2013-01-15 15:30 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-01-07 16:17 - 2012-07-25 09:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00350160 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00441808 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00465872 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 62691792 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00285648 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 06186448 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 07395280 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.7.25343.dll
2017-02-10 20:01 - 2017-01-20 19:39 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-10 20:01 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-10 20:01 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-22 17:23 - 2017-02-20 17:21 - 13674960 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 02215376 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00334288 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.7.25343.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-11-10 18:38 - 2015-11-10 18:38 - 08337408 _____ () C:\Users\SamSwanson\Downloads\SonarworksforDDMF\Reference3.dll
2016-10-14 14:27 - 2016-10-14 14:27 - 00333744 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00050096 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 14:23 - 2016-10-14 14:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 00224768 _____ () C:\WINDOWS\SYSTEM32\UAD2DriverClient.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 02058752 _____ () C:\WINDOWS\SYSTEM32\UAD2SDK.dll
2014-04-27 13:17 - 2000-01-01 01:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\grep.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\MBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NIRCMD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvTelemetryContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\PEV.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\sed.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWREG.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWSC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWXCACLS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins002.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins005.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins006.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins007.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\zip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVDllSurrogate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVManifest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPublishing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactActivation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64Proxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64F3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HarmanAudioInterface.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMClariFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ_Voice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMHVS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMLimiter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSSTAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSstCApoPropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\libpng15.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapstoasttask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO7064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV3apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434709.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434709.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\partizan.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prm0005.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwcreator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpshell.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SECOMN64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDHF64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDRA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8ED1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8FC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA251.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA93F.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tspubwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpncmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XamlTileRender.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zlib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DbgModel.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SECOMN32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SEHDHF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SYNSOEMU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeEditkb.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AppVStrm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox_DFU.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDMFaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\file_tracker.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\LGVirHid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndisrfl.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nettap630.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rt640x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET8839.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srvnet.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib_mounter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tsvadpcm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2Pcie.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2System.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2WdmAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\virtual_file.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UpdateHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Microsoft:Gb9iHSAhBg9BV12C3k73XBgHLQz [2384]
AlternateDataStreams: C:\ProgramData\Microsoft:gVCZtV597Pk0byqtUxyu9ZFc [2548]
AlternateDataStreams: C:\ProgramData\Microsoft:HkCk6pH2rgF930hJgx9 [2112]
AlternateDataStreams: C:\ProgramData\MicrosoftyzvIDdUHQPoJqcsmkYzVeN [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:w3lVKHfpoNp0LGn1SO56 [2532]
AlternateDataStreams: C:\ProgramData\Microsoft:ZUQvhkhISSBkTH7rGp [2562]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [152]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [136]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:3rwwZhw2tLiAmOSNHAwYUqSaJU [1858]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:IZqLckuoBEmSeyWZ9jWWGPoF9 [2068]
AlternateDataStreams: C:\Users\SamSwanson\CookiesZUQi9r51MMNkceOnZGIDucq [2336]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:suYxzGFC9bvFaXMRmXkqqt [1952]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:w6io6svORgLdd8KCHJbkN71r [2442]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Czech taxes for dummies 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\dokument.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Formulář_žádosti__pro_cizince,_neobčany_EU_a_jejich_rodinné_příslušníky-rev.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\how to licesne musick.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Money 4 Music.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\PatchMyPC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Potvrzení_o_zajištění_ubytování_FO.DOC:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\RevoicePro.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Rights-Owner-Repertoire.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SM-Offshore-Banking-Report.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SongMarket.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\3AC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.15.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.18.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.19.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.20.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.21.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.23.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN:nKkdVTct7EMl42YHS3SZExMJ [2388]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX6d4DS5PFDAk03KTXvn2F2mu [2712]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA:03HrcMG15SDYyUw1Sza8AWAbY [2338]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\Temporary Internet Files:xwH7V3jDNbvYm9CzQAMppM [2254]
AlternateDataStreams: C:\Users\SamSwanson\Documents\2015 tax return Horton.pdf:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2017-02-20 21:19 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_2.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LoopBe30 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "googletalk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (2)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (1)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (3)"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0ac3e"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "RBTray.exe"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "SpeedFan.lnk"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Gobbler"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GizmoDriveDelegate"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8811F55-5587-4E2E-9803-5F89E86BE479}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E4BE2C83-8EFB-40F4-AA36-DF1B6E02FC63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E50ECC5-ADEE-41F4-B456-DD8184B7B9D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06E10D22-128D-4D9C-81AE-CFCC8F5C0D78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{800BE274-31F7-4485-93FA-49D22449C363}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{B6A68273-9DDE-4550-BF33-23B26844ED8A}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{E5A8B4EF-E0C3-46C4-8655-F4667B7C0FC3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{AF19923E-DFBF-44CE-8E35-C061282BF825}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [UDP Query User{F5776BFC-9EE0-43A2-B705-766521F94B2D}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{A17EFB4D-9DC9-470C-8B1B-BC335E7CA9B8}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FEB8E9ED-9B27-4C04-AE59-C6FB21E4CFEE}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{4FC0708F-E22A-46A0-B3A1-8BAF833E3603}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{82951DBB-1382-405F-B496-B2CB552D2CC9}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2B9FCED-0F9D-49E0-9B96-B20FC514B119}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32E5E5FF-AE09-40CA-9019-D3486EEBABF5}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [TCP Query User{43AFE483-1F63-4C55-8462-69C60BC018BA}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{EB46C128-ED00-4C3F-8F84-47470F58C813}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [{69B1232F-5701-454C-ADFE-08E54D6B0920}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{1AB4FC87-2B0D-472E-A3E6-61C2B6C070FA}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [TCP Query User{EB0FECB5-C9BD-488B-99F8-68E3EE0359D9}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{2AFF58C6-0DEA-4814-BFFB-9396E88BD493}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [TCP Query User{78335E54-289F-41C9-A7FB-1EEC0AC1D749}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [{7AF1A041-07C9-4959-8274-77EE03809209}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6986C6E8-5AE1-4AF7-9F1B-8E4880BEF5F9}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9A87E20F-0224-40A4-A0A6-CF2D427F4D20}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BA177546-4044-4C07-AFE8-69887582567D}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{0BFC59AF-9A77-433F-9D79-6A42BC3B990E}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [TCP Query User{A3ECAB14-43DA-4877-B411-E11F65833A70}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [{9F08C694-EC8D-4028-B569-CC536012E7BB}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{B184610F-D175-44C7-B31A-4C9CF612667C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{85F3ACDA-06E5-4E75-BBB3-E4993FCACAEA}] => (Allow) LPort=1688
FirewallRules: [{FE438153-8F8D-492D-A2FB-B9DC4D356A58}] => (Allow) LPort=1688
FirewallRules: [{4810449D-6142-46CE-90E8-E59770BFC440}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA27EC5C-5D60-4DE9-A224-7B39FC82845B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50841857-DD2A-46AC-8627-9A7BE07699D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4EF546A8-7388-4B39-8C68-16D263B1252B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{901F754B-7F53-41C0-A07B-A4D8D0DFE036}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FF7228E9-9CA7-41CD-A723-2F149E256AC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6FA2A9E8-A72E-42CF-A794-B18CC107DEA1}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F71782BC-163B-4084-BA5E-9BE299F8C6C3}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{159A065B-2BA1-4A71-8EE1-BAAEA61F9001}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FE35395F-4673-4FC1-85FB-576D178B0B1D}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [UDP Query User{1579E7CF-1850-48C3-886A-632A8EC41CB6}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{7DCC07A6-5616-48B2-AC59-2C37A069E637}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{AB2EA62A-A8E9-4766-83D1-08DEFBBBBB76}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4E60A726-4483-4E32-9B1C-85B9E69C232F}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5EE2E0AD-9DAB-4F6D-8D38-0A41D29BF39E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE76EA5F-CF6E-4FDC-BF69-7187C5A8CD22}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D524EB94-7130-4A51-9936-58807A7CCC32}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC004AA2-EAB9-45C4-8636-FBF333884C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{264C0F87-944D-4B28-B875-008CE407DCEC}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{BEEFD323-7E07-406B-B349-2515E304A47A}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{4C7D8CF3-F3E2-46AD-8B64-D3064C44978B}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{B73A089E-647C-40E4-BC4B-061EE4354A35}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{159B9D62-A976-4BF7-8EBB-1E2082C0DA3B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{394FFBE6-FF1C-4139-B2B4-B00E21956F4E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{57DFEDDE-D220-4A8D-85E3-2EDBBBE665B2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{09BB3EE1-42E8-4B70-B9FB-ECEE43D6E6E7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [UDP Query User{8B077964-B2EF-4647-B909-569A0E35D127}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BA5E5EF7-5ADA-4398-A746-A25FDEA7334A}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{39D9F0E3-EEF9-4650-94DB-AD618B47C70A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{D3A12194-DFB4-41DE-BAFE-163B728B7C2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{C489928B-BCB6-4CAD-B115-8637D6D5F1E2}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{873D8F9D-EA4F-4D25-9643-79E633CB1825}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{3AE70BBF-4187-408E-8552-8C40592320B4}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{23AC632F-EAB7-4D82-91A0-AF1745451F95}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [UDP Query User{34448265-8649-4C33-AC9D-CE6B4BDE66C0}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{CC138988-1294-4E93-B9F7-B5EEEAF4385B}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [{347A2896-44B0-4781-8639-F8E6DADBAF9B}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{043836B9-CABB-4DE7-BB6F-4C6561C5B4AF}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [UDP Query User{A7D9C2DC-CB32-4544-A540-3CE567BB1891}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [TCP Query User{C17FD2D4-D884-4DF0-BFC2-BA96D1E34ACC}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{FC9A52D6-E8D3-43D5-9EE5-A4CC0A72E7E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D44DDEE-E403-49B8-971A-46814BF7814C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65942B4D-AAD7-4320-BDFC-7B54A64A2DF8}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{10EA7950-8535-46F1-BD21-00FA3E46A57C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A95E67F-00BA-4C7F-982F-21737687F7C2}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D349A76B-9E0E-4A55-BD62-98E51D8FC3FF}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{0F05B259-9FEA-40DD-A9E3-70A1E7D792A8}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{63BE29B2-A2E7-4578-97CC-D0DCBF7639AE}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [TCP Query User{FD47186C-FB63-42B6-8252-1BA2D3D031C6}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [UDP Query User{B6461154-8899-4C23-922A-8B13A7389751}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [{33659DC1-1F98-439A-AEC3-57776D741690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DCCEBA1-C481-409A-B6A3-9978F0C403D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE6ED81B-B560-40F0-8975-770BE8C4B4C5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{DE906F04-5348-4E10-8278-2FA61E95B0B3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [TCP Query User{C20C177B-0E29-469B-A6DA-2CF7B87D207D}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{A3922E75-DF5F-4382-9192-D3989C5686AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [TCP Query User{E2572DE2-18A4-4838-BF78-D416F7A58F87}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{4C7F8891-A519-4288-A555-D6B644C983F9}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{8164E955-4659-4A72-8510-667E48F5CBCF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{193307C5-27EA-4047-8D49-62699F1ABCA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{23D75EBE-3F14-4B79-8CAD-EB12D7FA7A23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F9C2D2D0-2A16-4751-8866-990FE9C3C851}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{16F6121E-B315-462F-9B0C-4753ECD149D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5E08516-C1BC-4B12-BB6E-45A9CE248B88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE03B6B4-FD06-45C6-991C-EB99785E619A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2D32070B-BE19-469C-9749-20AF2E943B77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2868D72-9C1F-442F-829F-7E3CC250B9D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E7B85F4-59CC-4743-ABDC-113EF0515C1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80A0797C-B514-4C9D-9AD0-4030E922803D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{151CDCEB-5350-4E0B-B3DF-5D1AFD444318}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{2FC9AC5D-2002-4226-851A-C906786981FE}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{CBF94C9D-E30C-4E5E-90C8-84E3E08CAE9B}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{447E0C97-2CD8-4303-8588-9CEE3774093C}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{E8226ED0-F618-4BFF-9414-9DE5D234B0E5}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{4FC8502B-C59D-4A3E-835A-1D56C834280C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{266AE150-5BAC-41F2-B9C7-3AEFEF2BD695}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{A83100B2-AC65-4E83-BCA3-B70ACBD1F190}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A6644206-9A35-4A7E-A8AF-0759C35D655D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{97AC4EC6-F9A0-4962-A2AB-EDA3242B18EE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6AECC060-1F3B-47E6-8945-52A9F9577BC3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{5726AA47-031F-426F-B0F5-64624B7C1215}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
==================== Restore Points =========================
28-02-2017 11:49:12 UnHackMe Malware Removal
01-03-2017 11:44:51 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Primo Ramdisk Controller
Description: Primo Ramdisk Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ROMEX SOFTWARE
Service: FancyRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2017 01:45:23 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver
Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.
Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
Context: Application, SystemIndex Catalog
Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
Error: (03/01/2017 01:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 48e6d0c5-d8e4-4360-bb8d-3d6bb71a9fc6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (03/01/2017 01:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 48790a9b-3153-47b4-a6e5-f22baa3906b6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (03/01/2017 01:11:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 98b6a535-974c-449e-982a-a246c737bd67
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (03/01/2017 01:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: a9a55e69-c8eb-463d-aaed-78bcb9e053a9
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (03/01/2017 01:10:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: bd5faf09-c96e-41ac-8ba9-644fb2285df0
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Error: (03/01/2017 01:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 6cc81cc9-2e64-4a70-a2c2-02284f9bf320
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
System errors:
=============
Error: (03/01/2017 01:47:39 PM) (Source: DCOM) (EventID: 10010) (User: JIRICOMPUTER)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.
Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error:
%%2147944153 = There are no more endpoints available from the endpoint mapper.
Error: (03/01/2017 01:45:20 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (03/01/2017 01:45:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (03/01/2017 01:45:07 PM) (Source: FancyRd) (EventID: 2) (User: )
Description: The evaluation period for this installation of Primo Ramdisk has expired.
Error: (03/01/2017 01:44:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/01/2017 12:44:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (03/01/2017 12:44:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SAMSWA~1\AppData\Local\Temp\ehdrv.sys
CodeIntegrity:
===================================
Date: 2017-03-01 13:45:20.462
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-03-01 13:10:23.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-03-01 10:08:14.214
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-28 20:24:01.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-28 14:34:03.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-02-28 14:24:45.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-02-28 10:27:02.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-27 23:33:07.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-02-27 10:13:30.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-26 10:20:40.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 32716.45 MB
Available physical RAM: 26103.2 MB
Total Virtual: 32716.45 MB
Available Virtual: 25484.44 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.13 GB) (Free:113.97 GB) NTFS
Drive r: (Redundant) (Fixed) (Total:2794.39 GB) (Free:1153.93 GB) NTFS
Drive s: (Major Scott) (Fixed) (Total:2794.39 GB) (Free:1561.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 3DE8DBCF)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BCDE926D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 1CD3CAE0)
Partition: GPT.
==================== End of Addition.txt ============================
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 03/01/2017 05:57:09 PM in x64 mode.
Windows Version: Windows 10 Pro
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* Reparse Point/Junctions Found (Most likely legitimate)!
* C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]
Checking Windows Service Integrity:
* agp440 [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]
* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 03/01/2017 05:58:06 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)
AdwCleaner Report
# AdwCleaner v6.044 - Logfile created 01/03/2017 at 18:04:20
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : SamSwanson - JIRICOMPUTER
# Running from : C:\Users\SamSwanson\Desktop\Computer fix\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - iabeihobmhlgpkcgjiloemdbofjbdcic
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - aaaaaiabcopkplhgaedhbloeejhhankf
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mamnihopcnbfnbfnnneplcohmnkkpipb
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - nedjejdfkkjgebciefdfofjhmeogiaga
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [14067 Bytes] - [12/08/2016 15:02:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [5079 Bytes] - [05/12/2016 19:17:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [3399 Bytes] - [12/02/2017 23:44:50]
C:\AdwCleaner\AdwCleaner[C4].txt - [2653 Bytes] - [13/02/2017 18:05:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2811 Bytes] - [19/02/2017 18:07:14]
C:\AdwCleaner\AdwCleaner[C6].txt - [2565 Bytes] - [21/02/2017 20:08:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [14440 Bytes] - [27/02/2016 01:27:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [356 Bytes] - [27/02/2016 11:35:21]
C:\AdwCleaner\AdwCleaner[S3].txt - [5075 Bytes] - [05/12/2016 19:10:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3532 Bytes] - [12/02/2017 23:37:34]
C:\AdwCleaner\AdwCleaner[S5].txt - [2923 Bytes] - [13/02/2017 17:58:12]
C:\AdwCleaner\AdwCleaner[S6].txt - [3081 Bytes] - [19/02/2017 18:01:33]
C:\AdwCleaner\AdwCleaner[S7].txt - [2784 Bytes] - [21/02/2017 19:50:35]
C:\AdwCleaner\AdwCleaner[S8].txt - [2784 Bytes] - [01/03/2017 18:04:20]
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2857 Bytes] ##########