• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

slonslon7

PCHF Member
PCHF Member
Mar 1, 2017
14
8
32
Hello.
I've been having some malware issues. Have scanned with a host of AM and AV, removed some items but some issues persist:
-Some kind of DNS hijacker (RogueKiller finds DHCPnameserver) but it keeps coming back. In chrome before visiting any site it says "waiting for xxx.freddysrentals.xxx" before eventually taking me to the right site. Some older pages are now not loading at all.
-Computer CPU was spiking at 100% even when idle. Nothing too out of the ordinary in the processes, but seems like scvhost.exe was taking up the most and was possible root kit. Might have removed this today with MBAR.

Attaching a bunch of reports here. Really appreciate any assistance you can provide. Thanks so much!


Master Boot Record:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-01 17:45:04
-----------------------------
17:45:04.371 OS Version: Windows x64 6.2.9200
17:45:04.372 Number of processors: 8 586 0x3A09
17:45:04.387 ComputerName: JIRICOMPUTER UserName: SamSwanson
17:45:05.575 Initialize success
17:45:06.451 VM: initialized successfully
17:45:06.453 VM: Intel CPU BiosDisabled
17:45:38.078 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000003e
17:45:38.081 Disk 0 Vendor: TOSHIBA_DT01ACA300 MX6OABB0 Size: 2861588MB BusType: 11
17:45:38.098 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003f
17:45:38.099 Disk 1 Vendor: OCZ-AGILITY4 1.5.2 Size: 244198MB BusType: 11
17:45:38.117 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000041
17:45:38.119 Disk 2 Vendor: WDC_WD30EZRZ-00Z5HB0 80.00A80 Size: 2861588MB BusType: 11
17:45:38.144 Disk 1 MBR read successfully
17:45:38.147 Disk 1 MBR scan
17:45:38.149 Disk 1 Windows 7 default MBR code
17:45:38.151 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
17:45:38.154 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 243846 MB offset 718848
17:45:38.166 Disk 1 scanning C:\WINDOWS\system32\drivers
17:45:40.101 Service scanning
17:45:44.621 Service WRkrn C:\WINDOWS\System32\drivers\WRkrn.sys **LOCKED** 32
17:45:45.350 Modules scanning
17:45:45.356 Disk 1 trace - called modules:
17:45:45.361 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
17:45:45.366 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffb406311e7060]
17:45:45.369 3 CLASSPNP.SYS[fffff803881a5efb] -> nt!IofCallDriver -> [0xffffb40630240e40]
17:45:45.374 5 ACPI.sys[fffff80386d54571] -> nt!IofCallDriver -> \Device\0000003f[0xffffb406301fa060]
17:45:45.377 Disk 1 statistics 159841/0/0 @ 65.09 MB/s
17:45:45.385 Scan finished successfully
17:46:35.298 Disk 1 MBR has been saved successfully to "C:\Users\SamSwanson\Desktop\Computer fix\MBR.dat"
17:46:35.310 The log file has been saved successfully to "C:\Users\SamSwanson\Desktop\Computer fix\aswMBR.txt"
Computer Specs:

OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 32716 Mb
Graphics Card: NVIDIA GeForce GTX 660 Ti, -2048 Mb
Hard Drives: C: 238 GB (113 GB Free); R: 2794 GB (1153 GB Free); S: 2794 GB (1561 GB Free);
Motherboard: ASUSTeK COMPUTER INC., P8Z77-V LX
Antivirus: Webroot SecureAnywhere, Enabled and Updated
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by SamSwanson (administrator) on JIRICOMPUTER (01-03-2017 17:43:28)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Loaded Profiles: SamSwanson (Available Profiles: SamSwanson)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Dashlane, Inc.) C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Flux Software LLC) C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-02-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-02-11] (Malwarebytes)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched (1)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (2)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (3)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-12-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-12-28] ()
HKLM-x32\...\Run: [CheckNDISPortf0ac3e] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CheckNDISPort_df.exe [465664 2014-03-26] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CancelAutoPlay_df.exe [446720 2014-03-26] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-06-29] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-31] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
HKLM-x32\...\Run: [UATrayIcon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe [3804160 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [UAPerfMon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe [5964288 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1265256 2017-01-25] (Carbonite, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Dashlane] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-02-22] (Dashlane, Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1433200 2012-11-09] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [F.lux] => C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (1)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (2)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (3)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (4)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DashlanePlugin] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-02-20] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify Web Helper] => C:\Users\SamSwanson\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify] => C:\Users\SamSwanson\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update] => C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2016-08-15] (Disc Soft Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2012-12-25] (Arainia Solutions)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-20] (Piriform Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B] => C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe [1144152 2017-02-28] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2016-08-23]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-25]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EffectRack.lnk [2016-08-11]
ShortcutTarget: EffectRack.lnk -> C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe ()
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2016-08-16]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
BootExecute: autocheck autochk * sdnclean64.exePartizan
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [NameServer] 74.82.42.42,192.168.0.1
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{a56f0fe6-a65d-419a-9a9d-a9f8c86c22bd}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{c09f412c-6a39-48fa-9e06-9f815d6e9d25}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: [email protected]
FF ProfilePath: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default [2017-03-01]
FF NewTab: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\lncyg2i6.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:blank
FF Keyword.URL: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF Extension: (Dashlane) - C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\Extensions\[email protected] [2017-01-05]
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-01-27]
FF SearchPlugin: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\searchplugins\google-avast.xml [2015-01-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll [2012-11-17] ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @citrixonline.com/appdetectorplugin -> C:\Users\SamSwanson\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/O1DPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-12-03]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp:\/\/www.search.ask.com\/?gct=hp
CHR DefaultSearchURL: Default -> hxxp:\/\/www.search.ask.com\/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp:\/\/ssmsp.ask.com\/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (mention) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdbnpodkgflemjpckmcdgabbmefpfnb [2014-06-12]
CHR Extension: (Send using Gmail™ (no button)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc [2014-06-12]
CHR Extension: (Angry Birds) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Sortd Smart Skin for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohlfneeliakfcefeffppfplagbccbni [2016-05-07]
CHR Extension: (Google Drive) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (Audiense) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm [2016-03-11]
CHR Extension: (Session Manager) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-04-11]
CHR Extension: (Sexy Undo Close Tab) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcennaiejdjpomgmmohhpgnjlmpcjmbg [2016-08-06]
CHR Extension: (Turn Off the Lights) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-06-24]
CHR Extension: (ColorZilla) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-04-01]
CHR Extension: (My Shortcuts) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcpobipejlbogodeiendpdgcdambjgo [2013-06-05]
CHR Extension: (YouTube) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Minimalist for Everything) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2017-02-24]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2016-07-26]
CHR Extension: (Adblock Plus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (TaskMilk) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\chieodlkhimccchlojdmiondhiggkhmf [2013-06-05]
CHR Extension: (uBlock Origin) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-07]
CHR Extension: (FullContact for Gmail™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnaibnehbbinoohhjafknihmlopdhhip [2016-05-23]
CHR Extension: (Speechify) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dalapoeljdklkcfjkecafidnojkfpohn [2013-06-05]
CHR Extension: (MozBar) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-08-10]
CHR Extension: (NYTimes) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-06-05]
CHR Extension: (Session Buddy) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-27]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-06]
CHR Extension: (Silver Bird) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2017-02-24]
CHR Extension: (Symtica) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fafldeedegmfkdkolgpcopgfcdidgbjk [2013-06-05]
CHR Extension: (After the Deadline) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho [2014-08-22]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-07-29]
CHR Extension: (Dashlane) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-08-11]
CHR Extension: (Google Sheets) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Stylish) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-05]
CHR Extension: (HTTPS Everywhere) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-07-21]
CHR Extension: (Cestujlevne.com notifikátor) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\genojieiefkacjcapigbigafhebnmdfp [2016-05-27]
CHR Extension: (Facebook™ Chat Privacy) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2016-07-19]
CHR Extension: (Google Docs Offline) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (AdBlock) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-29]
CHR Extension: (Pinterest Save Button) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-20]
CHR Extension: (Reader Plus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcknjkmaaeinhdjgimjnophgpbdgfmg [2013-06-05]
CHR Extension: (Rapportive) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2014-12-13]
CHR Extension: (Select To Get Maps) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha [2013-06-05]
CHR Extension: (feedly) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-08-31]
CHR Extension: (Remember The Milk for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hphjpfmagbhbdfhdndglcccmhdjhjjce [2014-12-17]
CHR Extension: (goo.gl URL Shortener) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2015-05-14]
CHR Extension: (ModHeader) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2016-05-23]
CHR Extension: (Proxmate) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2016-04-27]
CHR Extension: (Social Fixer for Facebook) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-12-13]
CHR Extension: (Forecastfox) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2013-06-05]
CHR Extension: (Power Twitter for Google Chrome™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iieehhjfejnoljbnnhfnhibcjhmifffo [2013-06-05]
CHR Extension: (Mail2Cloud for Chrome
Revolutionizing Email) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2016-05-23]
CHR Extension: (Imagus) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-05-27]
CHR Extension: (Spreed - speed read the web) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-03-27]
CHR Extension: (IDM Integration Module) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-04-11]
CHR Extension: (WhoWorks.At) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeldhknnfopoiloahhpmbblbhemankjj [2013-06-20]
CHR Extension: (Disconnect) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-22]
CHR Extension: (Google +1 Button) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-04-11]
CHR Extension: (Attachments.me) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhphhbgmckofodhphhiflhkhibdilddi [2013-06-05]
CHR Extension: (Image Search by Cooliris) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk [2013-06-05]
CHR Extension: (Bananatag Email Tracking) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbnpbfpgjkblmejlgkfkekajajhjcid [2016-01-06]
CHR Extension: (Speed Dial 2) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-05-30]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (StumbleUpon) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-04-11]
CHR Extension: (Google Voice (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-04-11]
CHR Extension: (Super Full Feeds for Google Reader™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbjahpecnkenngkidhioicnfpakihgo [2013-06-05]
CHR Extension: (Webroot Filtering Extension) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-08-04]
CHR Extension: (StayFocusd) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-05]
CHR Extension: (UglyEmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgiafaliifpknmgofiifianlnbgflgj [2016-06-18]
CHR Extension: (Stop Autoplay for YouTube.) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh [2013-06-05]
CHR Extension: (InvisibleHand) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2016-07-13]
CHR Extension: (AwardWallet) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2016-05-12]
CHR Extension: (Yahoo! Axis) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbilcmekbcocfaiofmdokibplmongfil [2013-06-05]
CHR Extension: (TV Countdown) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\meiipljgihfjofljlgkjiellhjdjchhi [2014-09-11]
CHR Extension: (Chrome Downloads) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhaaapflafeapcmgbphlmealldkomfbe [2013-06-05]
CHR Extension: (Search Box) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2013-06-05]
CHR Extension: (Ghostery) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2014-10-20]
CHR Extension: (MailTrack for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-08-11]
CHR Extension: (Save to Pocket) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-07-20]
CHR Extension: (YSlow) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2013-06-05]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Better Pop Up Blocker) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-06-05]
CHR Extension: (Buffer) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2016-07-29]
CHR Extension: (Original Minimalist Email) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\npppajnlimcafecjepdjcijnoamopngp [2013-06-05]
CHR Extension: (Google Reader Snow Leopard) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhahfkkedakkpdfmjeakfginobldlai [2013-06-05]
CHR Extension: (Readlang Web Reader) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2016-06-28]
CHR Extension: (Facebook Styler) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibchndgminbbeopaejobnnajfjgkcnk [2013-06-05]
CHR Extension: (SEO Global For Google Search™) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi [2013-06-05]
CHR Extension: (Google Calendar Checker (by Google)) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2015-02-01]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-08-11]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2016-06-22]
CHR Extension: (Header Hacker) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnffahgegfkcobeaapbenpmdnkifigc [2013-06-05]
CHR Extension: (Evernote Web Clipper) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-06-28]
CHR Extension: (Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR Extension: (Chrome Media Router) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Extension: (Streak CRM for Gmail) - C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-06-22]
CHR Extension: (Media Hint) - C:\Users\SamSwanson\mediahint [2017-02-20] [UpdateUrl: hxxps://127.0.0.1] <==== ATTENTION
CHR HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\SamSwanson\AppData\Local\Alexa\atbpg-HyChcu-1.3.crx [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-31] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-10-31] ()
R2 AnonVPN VPN; C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe [127336 2016-05-24] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-10-31] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-01-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2014-01-07] (ASUSTeK Computer Inc.) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-13] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-13] (COMODO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2016-08-15] (Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2012-12-25] (Arainia Solutions)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-11] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-06-10] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-06-10] (Intel(R) Corporation)
S2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-10-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-02-11] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2016-06-29] (Acronis)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-26] (NVIDIA Corporation)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-13] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-06-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2017-02-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14936 2012-08-17] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [54336 2016-09-08] (COMODO)
R3 DDMF_Audio; C:\WINDOWS\system32\drivers\DDMFaudio.sys [28456 2015-07-15] (DDMF)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-02-11] ()
R0 FancyRd; C:\WINDOWS\System32\drivers\fancyrd.sys [188352 2012-06-24] (Romex Software)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-10-31] (Acronis International GmbH)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-25] (Arainia Solutions LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-24] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-22] (REALiX(tm))
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 iLokDrvr; C:\WINDOWS\System32\drivers\iLokDrvr.sys [25808 2013-10-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [23832 2012-08-13] (Intel Corporation)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LoopBe30; C:\WINDOWS\system32\drivers\loopbe30.sys [16896 2011-02-26] (nerds.de)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-03-01] (Malwarebytes)
R3 MBOX; C:\WINDOWS\system32\DRIVERS\AvidMbox.sys [464616 2016-08-15] (Avid)
R3 MBOXDFU; C:\WINDOWS\System32\drivers\AvidMbox_DFU.sys [31464 2016-08-15] (Avid)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [322768 2012-11-15] (Mediafour Corporation)
R0 MDPMGRNT; C:\WINDOWS\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41688 2016-06-10] (Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-25] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [67800 2016-06-10] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-10] (NVIDIA Corporation)
R3 OXYGEN; C:\WINDOWS\system32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-02-24] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-22] (Realtek )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-25] (SoftEther Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-16] (Tobias Erichsen)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-10-31] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-10-31] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-10-31] (Acronis International GmbH)
R3 UAD2Pcie; C:\WINDOWS\System32\drivers\UAD2Pcie.sys [82752 2016-11-03] (Universal Audio, Inc.)
R3 UAD2System; C:\WINDOWS\System32\drivers\UAD2System.sys [134464 2016-11-03] (Universal Audio, Inc.)
R3 UAD2WdmAudio; C:\WINDOWS\system32\DRIVERS\UAD2WdmAudio.sys [27968 2016-11-03] ()
R3 VBAudioHFVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2014-03-07] (Windows (R) Win 7 DDK provider)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-06-29] (Acronis International GmbH)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2014-01-03] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-27] (Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-10-11] (Webroot)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-11] (Zemana Ltd.)
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 ManyCam; \SystemRoot\system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; \SystemRoot\system32\drivers\mcaudrv_x64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Overloud
2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\ProgramData\Overloud
2017-03-01 13:43 - 2017-03-01 13:43 - 00154624 _____ C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls
2017-03-01 12:43 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\ESET
2017-02-28 22:48 - 2017-03-01 13:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-28 14:25 - 2017-02-28 14:25 - 00000000 ____D C:\ProgramData\MetaQuotes
2017-02-28 14:24 - 2017-02-28 14:24 - 00002075 _____ C:\Users\Public\Desktop\Tradeo - MetaTrader 4.lnk
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\Program Files (x86)\Tradeo - MetaTrader 4
2017-02-27 23:05 - 2017-02-27 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-02-25 14:26 - 2017-02-25 14:26 - 00038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys
2017-02-25 14:23 - 2017-03-01 13:45 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-02-25 14:23 - 2017-02-25 14:23 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2017-02-25 14:23 - 2017-02-25 14:23 - 00051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys
2017-02-25 14:23 - 2017-02-25 14:23 - 00001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-25 14:23 - 2017-02-25 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-24 18:44 - 2017-03-01 13:45 - 00000984 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-02-24 18:41 - 2017-02-24 18:41 - 00000000 ____D C:\@RestoreQuarantine
2017-02-24 18:28 - 2017-02-24 23:58 - 00000000 ____D C:\ProgramData\RegRun
2017-02-24 18:27 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\Documents\RegRun2
2017-02-24 18:27 - 2017-02-24 18:27 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-02-24 18:27 - 2017-02-24 18:27 - 00003424 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-02-24 18:26 - 2017-03-01 10:10 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-02-24 18:26 - 2017-02-24 18:30 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-02-24 18:26 - 2017-02-24 18:26 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-02-24 18:26 - 2017-02-24 18:26 - 00014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-02-24 18:26 - 2017-02-24 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-02-24 16:57 - 2017-02-24 16:57 - 06971584 _____ (Tim Kosse) C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\Program Files\MetaTrader 5
2017-02-23 01:04 - 2017-02-23 01:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\MetaQuotes
2017-02-21 16:25 - 2017-02-21 16:26 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-02-21 15:52 - 2017-02-21 16:01 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 15:25 - 2017-02-21 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-21 15:24 - 2017-02-21 15:24 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-21 14:47 - 2017-02-21 14:47 - 00000120 ___RH C:\Users\SamSwanson\Desktop\Stinger.opt
2017-02-21 14:39 - 2017-02-21 14:47 - 00000000 ____D C:\Program Files\stinger
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\Program Files\McAfee
2017-02-20 21:33 - 2017-02-20 21:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\PackageStaging
2017-02-20 21:31 - 2017-02-20 21:31 - 00000000 ____D C:\WINDOWS\Panther
2017-02-20 21:05 - 2017-02-20 21:05 - 00000000 ____D C:\WINDOWS\pss
2017-02-20 21:01 - 2017-02-20 21:01 - 00003786 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-20 20:33 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-02-20 20:24 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-19 17:20 - 2017-02-19 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-19 16:28 - 2017-03-01 17:43 - 00000000 ____D C:\FRST
2017-02-16 11:45 - 2017-02-24 17:06 - 00000869 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2017-02-16 00:59 - 2017-02-16 00:59 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonVPN
2017-02-15 21:57 - 2017-02-15 21:57 - 00002874 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-15 21:52 - 2017-03-01 17:44 - 00000000 ____D C:\Users\SamSwanson\Desktop\Computer fix
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Program Files (x86)\HomeDev
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Toshiba Corporation
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\ProgramData\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Program Files (x86)\Toshiba Corporation
2017-02-15 17:03 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FreshDiagnose
2017-02-15 16:57 - 2017-02-15 16:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\JxBrowser
2017-02-13 16:16 - 2017-02-13 16:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-13 14:56 - 2017-02-13 16:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-13 14:26 - 2017-02-13 14:26 - 00100984 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142617.gnucash
2017-02-13 14:24 - 2017-02-13 14:24 - 00100834 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142442.gnucash
2017-02-13 00:03 - 2017-02-13 00:03 - 00000000 ____D C:\ProgramData\Sophos
2017-02-13 00:00 - 2017-02-13 00:00 - 04656523 _____ C:\Users\SamSwanson\Downloads\tdsskiller.zip
2017-02-13 00:00 - 2017-02-13 00:00 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\55447846.sys
2017-02-12 18:19 - 2017-02-12 18:19 - 00014856 ____N C:\bootsqm.dat
2017-02-11 16:08 - 2017-03-01 13:46 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 16:08 - 2017-03-01 13:45 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 16:08 - 2017-03-01 13:45 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iPod
2017-02-11 15:29 - 2017-03-01 17:44 - 00134454 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-11 15:29 - 2017-03-01 17:44 - 00093083 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-10 22:40 - 2017-02-10 22:40 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Zemana
2017-02-10 22:39 - 2017-02-10 22:39 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-10 22:39 - 2017-02-10 22:39 - 00002398 _____ C:\WINDOWS\system32\.crusader
2017-02-10 22:27 - 2017-02-10 22:27 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-10 22:26 - 2017-02-10 22:39 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-10 20:18 - 2017-02-10 20:18 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 20:17 - 2016-12-16 01:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 20:17 - 2016-12-16 01:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 20:12 - 2017-02-10 20:17 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-10 20:09 - 2017-02-10 20:17 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-10 20:02 - 2017-02-10 20:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Chromium
2017-02-10 20:02 - 2017-01-20 19:41 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-10 20:01 - 2017-02-10 20:01 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-02-10 19:59 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-01-26 09:15 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-10 19:58 - 2017-02-10 20:01 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-10 19:58 - 2017-02-10 19:59 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-10 13:29 - 2017-02-20 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 10:43 - 2017-02-10 20:15 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 10:42 - 2017-02-08 10:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 10:08 - 2017-02-28 15:41 - 00002590 _____ C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-02-08 10:08 - 2017-02-28 15:41 - 00002582 _____ C:\Users\SamSwanson\Desktop\Google Chrome Canary.lnk
2017-01-31 00:10 - 2017-02-16 13:28 - 00000000 ____D C:\Users\SamSwanson\AppData\LocalLow\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 17:37 - 2016-08-11 19:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-01 15:42 - 2016-06-13 10:39 - 00000096 _____ C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2017-03-01 15:42 - 2014-01-22 13:15 - 00000128 _____ C:\ProgramData\autobk.inc
2017-03-01 15:42 - 2012-12-27 05:17 - 00000000 ____D C:\ProgramData\ValhallaRoom
2017-03-01 13:58 - 2013-05-04 00:13 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA
2017-03-01 13:58 - 2012-10-14 18:47 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX
2017-03-01 13:56 - 2012-12-24 01:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\vlc
2017-03-01 13:53 - 2016-11-23 15:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-01 13:49 - 2016-08-11 19:48 - 00829958 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-01 13:47 - 2015-07-24 10:55 - 00000000 ____D C:\ProgramData\WRData
2017-03-01 13:46 - 2012-12-23 13:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Ditto
2017-03-01 13:45 - 2016-08-11 19:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 13:45 - 2014-06-15 15:30 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 13:45 - 2012-12-26 18:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-01 13:45 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-01 13:44 - 2016-07-16 07:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-03-01 13:43 - 2012-12-23 10:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Packages
2017-03-01 13:11 - 2013-02-28 11:48 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\CrashDumps
2017-03-01 11:24 - 2012-12-24 01:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spotify
2017-03-01 10:32 - 2016-02-15 14:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-01 10:18 - 2012-12-23 12:27 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Spotify
2017-03-01 10:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\tracing
2017-03-01 00:07 - 2016-01-11 10:36 - 00000000 ____D C:\Users\Public\Documents\ExponentialAudioLogs
2017-02-27 18:03 - 2016-06-29 15:03 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-26 20:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 14:58 - 2012-12-23 13:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\REAPER
2017-02-25 14:26 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-25 14:03 - 2016-08-12 14:55 - 00000051 _____ C:\Users\SamSwanson\deletedRoute.txt
2017-02-25 14:03 - 2016-08-12 14:54 - 00009424 _____ C:\Users\SamSwanson\AnonVPN.ovpn
2017-02-25 10:26 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 19:51 - 2015-02-14 01:28 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Mp3tag
2017-02-24 18:40 - 2016-08-31 16:31 - 00000000 ____D C:\Program Files\Handbrake
2017-02-24 18:40 - 2014-08-03 21:04 - 00000000 ____D C:\Program Files (x86)\KDNicheFinder
2017-02-24 17:06 - 2012-12-23 13:18 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-02-24 16:58 - 2013-02-17 13:21 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FileZilla
2017-02-24 11:36 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\iZotope
2017-02-23 00:26 - 2016-12-14 23:19 - 00000000 ____D C:\Users\SamSwanson\Desktop\Travel Plans
2017-02-22 17:26 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Dashlane
2017-02-22 17:25 - 2014-03-07 00:23 - 00002013 _____ C:\Users\SamSwanson\Desktop\Dashlane.lnk
2017-02-22 17:25 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-22 14:40 - 2016-06-05 17:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-22 09:57 - 2017-01-12 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 09:57 - 2016-12-03 22:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-22 01:23 - 2016-12-03 22:13 - 00003986 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 00:10 - 2013-01-09 06:42 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Nitro PDF
2017-02-21 20:08 - 2016-02-27 01:27 - 00000000 ____D C:\AdwCleaner
2017-02-21 17:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 16:44 - 2016-12-03 21:06 - 00000000 ____D C:\Program Files\CCleaner
2017-02-21 16:09 - 2016-12-18 13:41 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Electrum
2017-02-21 16:09 - 2015-12-02 13:37 - 03123997 _____ C:\Users\SamSwanson\Desktop\Money 4 Music.epub
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Joey Sturgis Tones
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\Program Files\Joey Sturgis Tones
2017-02-21 15:32 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-02-21 14:39 - 2016-06-13 17:53 - 00000000 ____D C:\QUARANTINE
2017-02-20 21:36 - 2016-08-11 19:38 - 00000000 ____D C:\Users\SamSwanson
2017-02-20 21:31 - 2012-12-23 10:57 - 00000000 ____D C:\WINDOWS\CSC
2017-02-20 21:29 - 2016-12-05 18:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-20 21:28 - 2016-08-11 19:35 - 04961528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-20 21:26 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 21:19 - 2016-03-30 16:21 - 00000000 ____D C:\Users\SamSwanson\Desktop\Social Media Course
2017-02-20 21:19 - 2014-06-07 09:57 - 00000000 ____D C:\Users\SamSwanson\mediahint
2017-02-20 21:19 - 2014-04-04 13:18 - 00000000 ____D C:\Users\SamSwanson\Desktop\Drumatom
2017-02-20 21:19 - 2013-08-05 18:07 - 00000000 ____D C:\Users\SamSwanson\Desktop\StudioPhotoShoot
2017-02-20 21:19 - 2013-02-21 13:15 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DisplayFusion
2017-02-20 21:19 - 2013-01-03 18:33 - 00000000 ____D C:\Users\SamSwanson\Documents\TAX
2017-02-20 21:17 - 2012-12-23 11:50 - 06096688 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-20 20:33 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\Program Files\Calibre2
2017-02-20 20:24 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files\Java
2017-02-20 20:21 - 2016-08-15 14:52 - 00605984 _____ (www.patchmypc.net) C:\Users\SamSwanson\Desktop\PatchMyPC.exe
2017-02-20 17:51 - 2016-02-15 14:24 - 00007602 _____ C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2017-02-19 17:20 - 2016-04-21 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-19 14:24 - 2015-07-15 20:46 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DDMF Effect Rack
2017-02-19 11:52 - 2014-08-24 11:43 - 00000000 ____D C:\Program Files (x86)\Media Gobbler, Inc
2017-02-19 11:52 - 2013-06-05 10:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-19 11:52 - 2012-12-23 13:38 - 00000000 ____D C:\ProgramData\Gobbler
2017-02-18 21:47 - 2013-02-17 14:33 - 00000000 ____D C:\ProgramData\ValhallaUberMod
2017-02-16 17:07 - 2014-02-10 03:09 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spectrasonics
2017-02-16 11:45 - 2016-11-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2017-02-16 00:59 - 2016-08-12 14:54 - 00001150 _____ C:\Users\SamSwanson\Desktop\AnonVPN.lnk
2017-02-16 00:59 - 2016-08-12 14:54 - 00000000 ____D C:\Program Files (x86)\AnonVPN
2017-02-15 22:06 - 2015-01-11 23:36 - 00007710 _____ C:\WINDOWS\system32\--traceoff
2017-02-15 22:04 - 2012-12-27 22:58 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2017-02-15 22:03 - 2014-09-13 15:35 - 00000000 ____D C:\Program Files\iZotope
2017-02-15 22:03 - 2012-12-25 00:35 - 00000000 ____D C:\Users\SamSwanson\Documents\iZotope
2017-02-15 22:03 - 2012-12-25 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-02-15 22:03 - 2012-12-25 00:29 - 00000000 ____D C:\Program Files (x86)\iZotope
2017-02-15 22:03 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\VSTPlugIns
2017-02-15 22:02 - 2012-12-23 13:11 - 00000000 ____D C:\Program Files (x86)\Growl for Windows
2017-02-15 22:01 - 2014-02-12 13:01 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2017-02-15 22:01 - 2012-12-24 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 22:00 - 2013-09-12 14:56 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Citrix
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Copy
2017-02-15 21:59 - 2013-05-26 16:02 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-02-15 18:43 - 2013-06-20 07:57 - 01418640 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-02-13 15:55 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconfd
2017-02-13 15:41 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconf
2017-02-13 15:14 - 2015-06-13 09:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 14:26 - 2016-06-13 13:37 - 00100965 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash
2017-02-12 00:07 - 2013-03-09 22:52 - 00000132 _____ C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-02-11 16:12 - 2012-12-23 13:01 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Skype
2017-02-11 16:07 - 2016-06-05 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\TeamViewer
2017-02-11 16:07 - 2014-06-15 15:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-11 16:07 - 2012-12-26 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 16:06 - 2016-08-15 15:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-11 16:06 - 2012-12-23 12:27 - 00000000 ____D C:\ProgramData\Skype
2017-02-11 16:04 - 2016-08-11 19:50 - 00003096 _____ C:\WINDOWS\System32\Tasks\Process Lasso Core Engine Only
2017-02-11 16:04 - 2013-07-10 17:57 - 00000000 ____D C:\Program Files\Process Lasso
2017-02-11 16:04 - 2012-12-23 12:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-11 16:00 - 2016-08-15 14:58 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-11 16:00 - 2016-08-15 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 16:00 - 2013-02-21 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 12:25 - 2014-01-12 15:06 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA Corporation
2017-02-10 22:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-10 22:39 - 2015-06-24 20:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\mgyun
2017-02-10 20:20 - 2013-03-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 20:20 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 20:17 - 2016-12-16 01:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2016-12-16 01:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2015-12-01 17:32 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 20:17 - 2015-12-01 17:32 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 20:12 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 20:11 - 2016-08-11 20:08 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 20:11 - 2016-07-16 15:29 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-10 20:11 - 2012-12-23 12:43 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-10 20:01 - 2013-07-05 05:36 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA
2017-02-10 20:01 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 18:50 - 2013-09-17 09:45 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Smart PC Solutions
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Solutions
2017-02-10 13:34 - 2016-11-22 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-09 15:39 - 2015-12-20 01:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\boost_interprocess
2017-02-09 15:39 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Celemony Software GmbH
2017-02-08 23:41 - 2012-12-24 06:23 - 00000000 ____D C:\ProgramData\Slate Digital
2017-02-08 19:27 - 2016-03-02 16:15 - 00001919 _____ C:\Users\Public\Documents\Lurssen TimeLimitReadExpiration.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000292 _____ C:\Users\Public\Documents\Lurssen TimeLimitGenerateLockNames Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000095 _____ C:\Users\Public\Documents\Lorssen Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000069 _____ C:\Users\Public\Documents\Lurssen CopyProt Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000008 _____ C:\Users\Public\Documents\Lurssen TimeLimitWriteOneProductSettings.txt
2017-02-08 10:42 - 2017-01-04 15:19 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437653.dll
2017-02-08 10:42 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437653.dll
2017-02-07 17:49 - 2013-06-27 14:37 - 00005632 _____ C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-06 20:48 - 2014-08-27 13:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 20:31 - 2013-05-26 16:03 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Audacity
2017-02-03 11:38 - 2015-06-30 19:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\ssd_sampler
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-02-02 16:47 - 2012-12-22 22:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\AVS4YOU
2017-02-02 16:46 - 2012-12-22 22:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU

==================== Files in the root of some directories =======

2013-01-09 05:51 - 2012-10-02 21:03 - 2712200 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2016-10-29 19:23 - 2016-10-29 19:23 - 2722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2016-10-29 19:23 - 2016-10-29 19:23 - 0056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2013-07-29 18:50 - 2013-07-29 18:50 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-11 13:27 - 2015-08-13 11:46 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-03-09 22:52 - 2017-02-12 00:07 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-12 22:10 - 2014-02-12 22:10 - 0000005 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_496F4C99-60AD-5b9e-AC1B-FA060E643C04.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_F4F01109-C336-401f-BDE4-7C1926744104.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FAB01109-C336-401f-BDE4-AB1926744111.dll
2014-01-26 19:56 - 2014-01-26 19:56 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545103.dll
2016-06-13 10:39 - 2017-03-01 15:42 - 0000096 _____ () C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2016-04-24 21:15 - 2016-06-09 10:20 - 0033783 _____ () C:\Users\SamSwanson\AppData\Roaming\net.telestream.wirecast.xml
2013-06-27 14:37 - 2017-02-07 17:49 - 0005632 _____ () C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-17 14:25 - 2015-03-17 14:25 - 0000600 _____ () C:\Users\SamSwanson\AppData\Local\PUTTY.RND
2016-06-15 14:58 - 2016-06-15 14:58 - 0000218 _____ () C:\Users\SamSwanson\AppData\Local\recently-used.xbel
2016-02-15 14:24 - 2017-02-20 17:51 - 0007602 _____ () C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2014-01-22 13:15 - 2017-03-01 15:42 - 0000128 _____ () C:\ProgramData\autobk.inc
2016-08-11 19:35 - 2016-08-11 19:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-22 11:21 - 2014-01-22 11:21 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-01-22 02:03 - 2014-01-22 02:04 - 0000454 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-03 11:42 - 2017-01-03 10:19 - 0000253 _____ () C:\ProgramData\SoundToys_Problem_Log.txt

Some files in TEMP:
====================
2017-03-01 10:32 - 2016-12-09 12:17 - 1886344 _____ (Microsoft Corporation) C:\Users\SamSwanson\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 11:10

==================== End of FRST.txt ============================
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by SamSwanson (01-03-2017 17:44:34)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Windows 10 Pro Version 1607 (X64) (2016-08-11 18:53:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3236326594-2611474830-2656184370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3236326594-2611474830-2656184370-503 - Limited - Disabled)
Guest (S-1-5-21-3236326594-2611474830-2656184370-501 - Limited - Disabled)
SamSwanson (S-1-5-21-3236326594-2611474830-2656184370-1001 - Administrator - Enabled) => C:\Users\SamSwanson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

+10db version 1.0.4 (HKLM\...\+10db_is1) (Version: 1.0.4 - Boz Digital Labs)
112dB Big Blue Compressor 1.0.3-r3719 (HKLM\...\112dB Big Blue Compressor 1.0.3-r3719) (Version: 1.0.3-r3719 - 112dB)
112dB Big Blue Limiter 1.1.3-r3719 (HKLM\...\112dB Big Blue Limiter 1.1.3-r3719) (Version: 1.1.3-r3719 - 112dB)
112dB Redline Equalizer 1.0.5-r3719 (HKLM\...\112dB Redline Equalizer 1.0.5-r3719) (Version: 1.0.5-r3719 - 112dB)
112dB Redline Reverb 1.0.10-r3810 (HKLM\...\112dB Redline Reverb 1.0.10-r3810) (Version: 1.0.10-r3810 - 112dB)
2C-Audio Aether (HKLM-x32\...\Aether) (Version: - )
2C-Audio Breeze (HKLM-x32\...\Breeze) (Version: - 2C-Audio)
6030 Ultimate Comp Native (HKLM-x32\...\{96B75FC3-D48A-4F8B-8BC7-5C2728797E4E}) (Version: 6.0.9 - McDSP)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AATranslator (HKLM-x32\...\{7400C259-1F2E-4FF2-9037-860BF239F39D}) (Version: 4.0.0.2 - Suite Spot Studios)
Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6 (HKLM-x32\...\Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0.1 (HKLM-x32\...\Abbeyroadplugins EMI RS 124 Compressor_is1) (Version: - )
Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1 (HKLM-x32\...\Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2 (HKLM-x32\...\Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1) (Version: - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
acustica AcquaVox (HKLM-x32\...\AcquaVox) (Version: - )
Acustica Audio D361A (HKLM-x32\...\D361A Win x64) (Version: 1.3.609.0 - Acustica Audio)
Acustica Audio EQP1 (HKLM-x32\...\EQP1 Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio NEO (HKLM-x32\...\NEO Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio REDEQ (HKLM-x32\...\REDEQ Win x64) (Version: 1.3.760.0 - Acustica Audio)
Acustica Audio TAN (HKLM-x32\...\TAN Win x64) (Version: 1.4.072.0 - Acustica Audio)
Acustica Audio TITANIUM3B (HKLM-x32\...\TITANIUM3B Win x64) (Version: 1.3.827.0 - Acustica Audio)
Acustica Audio TRINITYEQ (HKLM-x32\...\TRINITYEQ Win x64) (Version: 1.3.687.0 - Acustica Audio)
AcusticaAudio Nebula3 (HKLM-x32\...\Nebula3) (Version: - )
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Amazon Kindle) (Version: - Amazon)
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.3 - IK Multimedia)
AmpliTube 3 version 3.11.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.11.0 - IK Multimedia)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
AnonVPN 1.0.5.5 (HKLM-x32\...\AnonVPN) (Version: 1.0.5.5 - AnonVPN.io)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares AVOX Evo VST RTAS v3.0.2 (HKLM-x32\...\Antares AVOX Evo VST RTAS_is1) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARC System 2 version 2.1.0 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.1.0 - IK Multimedia)
ArcSoft Portrait+ 3 (HKLM-x32\...\{40BB5B1A-6008-4348-8C24-116B654C7ECD}) (Version: 3.0.0.401 - ArcSoft)
ARIA Engine v1.8.4.8 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.8 - Plogue Art et Technologie, Inc)
Articulate Storyline (x32 Version: 1.02.02 - Articulate) Hidden
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version: - VB-Audio Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
atomiccleaner3 version 1.3.4.1 (HKLM-x32\...\{0D6AB211-A181-4F42-AEB4-127C40BF67EF}_is1) (Version: 1.3.4.1 - atomicware)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version: - )
AudioEase Speakersphone VST RTAS v1.03 (HKLM-x32\...\AudioEase Speakersphone VST RTAS_is1) (Version: - Audio Ease)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{01C898E1-38A7-49B1-9398-49E40636E2C5}) (Version: 9.0 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid Mbox Driver 1.1.10 (x64) (HKLM\...\{35BAD2B7-E2EF-4A06-80A2-C6C2F23B8F3E}) (Version: 1.1.10 - Avid)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.10 - Avid Technology, Inc.)
AVOX Evo VST (HKLM-x32\...\{65AA5B18-A330-4F35-BCDF-EA85EC888906}) (Version: 3.0.0 - Antares Audio Technologies)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.0.5.510 - Online Media Technologies Ltd.)
Black Rooster Audio Plugin Pack (HKLM\...\Black Rooster Audio Plugin Pack_is1) (Version: - Black Rooster Audio)
BWF MetaEdit 1.3.0 (HKLM\...\BWF MetaEdit) (Version: 1.3.0 - FADGI)
calibre 64bit (HKLM\...\{82EA8033-0AE6-4C1A-91B6-D24BED49AB73}) (Version: 2.79.1 - Kovid Goyal)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Carbonite (HKLM-x32\...\{C7D98EFB-A351-4098-B474-1A5B362DB648}) (Version: 6.2.2 build 6819 (Jan-25-2017) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDSoundMaster NICE-EQ-VST-TUBE-FREE (HKLM-x32\...\NICE-EQ-VST-TUBE-FREE) (Version: - )
CDSoundMaster N-TEN-AT4-Bell-Free-64 (HKLM-x32\...\N-TEN-AT4-Bell-Free-64) (Version: - )
CDS-VTC-FREE-PC-VST-64-BIT THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT (HKLM-x32\...\THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT) (Version: - )
Celemony Melodyne Studio 4 (HKLM-x32\...\Celemony Melodyne Studio 4) (Version: 4.0.4.004 - Celemony)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
CP Control (HKLM-x32\...\CP Control) (Version: - )
CrystalDiskInfo 7.0.5 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
D16 Group Repeater (HKLM\...\Repeater_is1) (Version: 1.0.0 - D16 Group)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dashlane) (Version: 4.6.7.25343 - Dashlane SAS)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Diamond Cut Forensics8 (HKLM-x32\...\{38C8BBB6-716E-4486-A386-C8D3242959C5}) (Version: 8.10 - Diamond Cut Productions)
DisplayFusion 5.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.0.0 - Binary Fortress Software)
Ditto (HKLM-x32\...\Ditto_is1) (Version: - Scott Brogden)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DMG Audio Track Range (HKLM\...\Track Range_is1) (Version: 1.0.0 - DMG Audio)
DMGAudio EQuilibrium 1.04 (HKLM-x32\...\DMGAudio EQuilibrium_is1) (Version: - DMGAudio)
DMGAudio Essence 1.00 (HKLM-x32\...\DMGAudio Essence_is1) (Version: - DMGAudio)
DMGAudio Limitless 1.00 (HKLM-x32\...\DMGAudio Limitless_is1) (Version: - DMGAudio)
DragonDisk 1.05 (HKLM-x32\...\{7914B94-1234-44D2-0864-0348EBF012AC}_is1) (Version: - Almageste)
Dropbox (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)
Drum Leveler version 1.0.0 (HKLM\...\{94B8FDA3-877B-4EB8-A3E9-5D476329F15D}_is1) (Version: 1.0.0 - Sound Radix)
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version: - )
Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0912.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ElastikVst (HKLM-x32\...\{92F027CB-BDF9-4047-A654-13A050908158}) (Version: 1.00.0000 - ueberschall sample service GmbH)
ElastikVst (x32 Version: 1.00.0000 - ueberschall sample service GmbH) Hidden
Electrum (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Electrum) (Version: 2.7.12 - Electrum Technologies GmbH)
EmpressPlugins.Tremolo.VST.v1.0 (HKLM-x32\...\EmpressPlugins Tremolo_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Flux) (Version: - )
FabFilter Pro-C 2.00 (64-bit) (HKLM-x32\...\FabFilter Pro-C 2.00 (64-bit)) (Version: - )
FG-X (HKLM\...\Slate Digital FG-X_is1) (Version: - Slate Digital)
FG-X Virtual Mastering Console (HKLM\...\FG-X Virtual Mastering Console_is1) (Version: - Slate Digital)
Fidelify (HKLM-x32\...\Fidelify) (Version: - )
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Flux Full Pack 2.2 (HKLM\...\Full Pack 2.2_is1) (Version: 3.5.25.44238 - Flux)
Flux Junger Audio Level Magic 5.1 (HKLM-x32\...\Flux Junger Audio Level Magic 5.1) (Version: 3.4.6 - Flux)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 3.2 - ArcticLine Software)
Genwaveaudio Genwave EQ VST v1.0 (HKLM-x32\...\Genwaveaudio Genwave EQ VST_is1) (Version: - )
GIZMO (HKLM-x32\...\{D0529F5A-C45C-40C0-8457-6A5AF24ABC6E}) (Version: 3.21.4000 - ants Inc.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Gobbler (HKLM-x32\...\{C7CE54DC-7AD2-48A8-BB2E-F7C6A8E40BB5}) (Version: 0.21.75.0 - Media Gobbler, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Google Chrome SxS) (Version: 58.0.3026.0 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Head Crusher version 1.6 (HKLM\...\Head Crusher_is1) (Version: 1.6 - )
Helium Audio Converter (build 461) (HKLM-x32\...\{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1) (Version: 2.0.0.461 - Imploded Software)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
HoRNet AutoGain Pro MK2 (HKLM\...\AutoGain Pro MK2_is1) (Version: 2.0.1 - HoRNet)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
iLok Client Helper (HKLM-x32\...\InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}) (Version: 5.9.7 - PACE Anti-Piracy, Inc.)
iLok Client Helper (x32 Version: 5.9.7 - PACE Anti-Piracy, Inc.) Hidden
Imperial Delay version 1.5.8 (HKLM\...\Imperial Delay_is1) (Version: 1.5.8 - )
Intel Extreme Tuning Utility (HKLM-x32\...\{7360EE49-7004-4626-A85A-CC48C2D63700}) (Version: 3.2.0.24 - Intel Corporation)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Network Connections 18.6.110.0 (HKLM\...\PROSetDX) (Version: 18.6.110.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
ISL (HKLM\...\ISL_is1) (Version: - NUGEN Audio)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
IVGI version 1.0.0 (HKLM\...\IVGI_is1) (Version: 1.0.0 - )
Ivideon Server (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Ivideon Server) (Version: 3.5.6.1213 - Ivideon)
iZotope BreakTweaker (HKLM-x32\...\iZotope BreakTweaker_is1) (Version: 1.00 - iZotope, Inc.)
iZotope BreakTweaker Factory Content (HKLM-x32\...\iZotope BreakTweaker Factory Content_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Ozone 6 Advanced (HKLM-x32\...\iZotope Ozone 6 Advanced_is1) (Version: 6.00 - iZotope, Inc.)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
iZotope VocalSynth (HKLM-x32\...\VocalSynth 1.0) (Version: 1.0 - iZotope, Inc.)
Jack (HKLM-x32\...\Jack) (Version: - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kazrog LLC Recabinet 3 VST RTAS v3.1.0 (HKLM\...\Kazrog LLC Recabinet 3_is1) (Version: - )
KD Niche Finder (HKLM-x32\...\KD Niche Finder1.0.0.2) (Version: 1.0.0.2 - AppBreed Software of InnAnTech Industries Inc.)
KDPublishingPro (HKLM-x32\...\{067A07C1-7A31-4881-B53D-DF4CBB865112}) (Version: 1.4.12 - KDPublishingPro.com)
KDPublishingPro (HKLM-x32\...\{215E8D21-F375-4D03-A31F-79CBE44FFB4A}) (Version: 1.2.8 - KDPublishingPro.com)
KDSubmitterPro (HKLM-x32\...\{E1817648-6DF6-400F-BD1B-B5D9E9BD745D}) (Version: 1.0.0 - KDSubmitterPro.com)
Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - )
K-Lite Codec Pack 9.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kush Audio Clariphonic v1.0 (HKLM\...\Clariphonic_is1) (Version: - Kush Audio)
Lexicon PSP 42 64bit (HKLM\...\Lexicon PSP 42 64bit) (Version: 1.6.2 64bit - PSPaudioware.com)
Liquid Notes version 1.5.2.1 (HKLM\...\{5AC1D63D-6772-417E-B7B8-1E5F686D9703}_is1) (Version: 1.5.2.1 - Re-Compose)
Litecoin (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
Litecoin Core (64-bit) (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin Core (64-bit)) (Version: 0.10.4.0 - Litecoin Core project)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LoopBe30 - Internal MIDI Ports (HKLM-x32\...\LoopBe30) (Version: - )
Lurssen Mastering Console version 1.0.0 (HKLM\...\{9F525466-89DA-4B7B-BD8C-BBFDC4432DFB}_is1) (Version: 1.0.0 - IK Multimedia)
M30 Reverb (HKLM-x32\...\M30 Reverb) (Version: 1.0.0.1 - TC Electronic)
MacDrive 9 Pro (HKLM\...\{C1521748-8700-4CA0-92F1-46CE26DEDC7D}) (Version: 9.0.4.21 - Mediafour Corporation)
Magic AB VST-x64 1.2.2 (HKLM\...\{6893EEE5-B48F-47a9-81DC-CD54E7767B35}) (Version: 1.2.2 - Sample Magic)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manic Compressor version 1.0.3 (HKLM\...\Manic Compressor_is1) (Version: 1.0.3 - )
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.92.51 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.92.51 - Alliance Software Pty Ltd) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1027 - Marvell)
Massey VST Demos (Remove only) (HKLM-x32\...\Massey VST Demos) (Version: - )
MathewLane DrMS Spatial Processor VST RTAS v3.2 (HKLM-x32\...\MathewLane DrMS Spatial Processor_is1) (Version: - )
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.3.1000 - Maxthon International Limited)
McGill English Dictionary of Rhyme & Verse Perfect 2.0 (HKLM-x32\...\McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1) (Version: - Bryant McGill / McGill International)
MeldaProduction Audio Plugins 10 (HKLM-x32\...\MeldaProduction Audio Plugins 10) (Version: - MeldaProduction)
MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 (x32 Version: 3.2.0202 - Celemony Software GmbH) Hidden
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Mic Mod EFX VST (HKLM-x32\...\{A77728D4-DF6E-42A9-926C-5164BBF1EA72}) (Version: 1.0.4 - Antares Audio Technologies)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
MJUC version 1.0.1 (HKLM\...\MJUC_is1) (Version: 1.0.1 - )
MJUCjr version 1.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.0.0 - )
Mobile Hotspot Admin (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Monofilter v4.0 (HKLM\...\Monofilter4_is1) (Version: - NUGEN Audio)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Nalpeiron Service Update to 6.3.9.2 (x32 Version: 7.3.1 - Nalpeiron) Hidden
Native Instruments Abbey Road 50s Drummer (HKLM-x32\...\Native Instruments Abbey Road 50s Drummer) (Version: 1.2.0.10 - Native Instruments)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version: - Native Instruments)
Native Instruments Alicias Keys 1.2 (HKLM-x32\...\Native Instruments Alicias Keys 1.2) (Version: - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.5.254 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: - Native Instruments)
Native Instruments Elektrik Piano 1.5 (HKLM-x32\...\Native Instruments Elektrik Piano 1.5) (Version: - )
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.0.0.31 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
Native Instruments Session Horns Pro (HKLM-x32\...\Native Instruments Session Horns Pro) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Symphony Series Brass Solo (HKLM-x32\...\Native Instruments Symphony Series Brass Solo) (Version: 1.1.0.19 - Native Instruments)
Native Instruments Symphony Series String Ensemble (HKLM-x32\...\Native Instruments Symphony Series String Ensemble) (Version: 1.1.0.7 - Native Instruments)
Native Instruments Symphony Series Woodwind Solo (HKLM-x32\...\Native Instruments Symphony Series Woodwind Solo) (Version: 1.0.0.11 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: 1.2.0.7 - Native Instruments)
Native Instruments The Grandeur (HKLM-x32\...\Native Instruments The Grandeur) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments)
nebula3 CM (HKLM-x32\...\{5354D5F2-342D-43DD-A361-B65BF7AABE1D}) (Version: 1.2.837 - Acusticaaudio)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Neutron Advanced (HKLM-x32\...\Neutron Advanced 1.0) (Version: 1.0 - iZotope, Inc.)
NF VST 64-bit Installer (HKLM-x32\...\NF VST 64-bit Installer1.0.3) (Version: 1.0.3 - Nomad Factory)
Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Output Movement (HKLM-x32\...\Output Movement) (Version: 1.0.3 - Output)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.) Hidden
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version: - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pi version 1.0.11 (HKLM\...\{CFA5721A-9AA1-4D77-BBC2-78E40216FDAB}_is1) (Version: 1.0.11 - Sound Radix)
PITCHMAP VST-x64 1.6.1 (HKLM\...\{F9754DD6-985B-4e93-A96B-837EE5415F61}) (Version: 1.6.1 - Zynaptiq)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plogue chipsounds v1.848 (HKLM\...\__ARIA_1009___is1) (Version: v1.848 - Plogue)
Plogue chipspeech v1.016 (HKLM\...\__ARIA_1017___is1) (Version: v1.016 - Plogue)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Primo Ramdisk Server Edition 5.6.0 (HKLM\...\{94B97E1E-9B67-4012-A126-6319E211A298}_is1) (Version: 5.6.0 - Romex Software)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.94 - Bitsum)
PSP 2Meters 64bit (HKLM-x32\...\PSP 2Meters 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP 608 MultiDelay 64bit (HKLM\...\PSP 608 MultiDelay 64bit) (Version: 1.6.1 64bit - PSPaudioware.com)
PSP 85 64bit (HKLM-x32\...\PSP 85 64bit) (Version: 1.1.0 64bit - PSPaudioware.com)
PSP BussPressor 64bit (HKLM\...\PSP BussPressor 64bit) (Version: 1.0.3 64bit - PSPaudioware.com)
PSP Echo 64bit (HKLM\...\PSP Echo 64bit) (Version: 1.0.1 64bit - PSPaudioware.com)
PSP MasterComp 1.7.1 64bit (HKLM-x32\...\PSP MasterComp 1.7.1 64bit) (Version: 1.7.1 64bit - PSPaudioware.com)
PSP McQ 64bit (HKLM-x32\...\PSP McQ 64bit) (Version: 1.8.0 64bit - PSPaudioware.com)
PSP Neon 64bit (HKLM\...\PSP Neon 64bit) (Version: 2.0.3 64bit - PSPaudioware.com)
PSP NobleQ 64bit (HKLM\...\PSP NobleQ 64bit) (Version: 1.7.0 64bit - PSPaudioware.com)
PSP oldTimer 64bit (HKLM\...\PSP oldTimer 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP PianoVerb2 64bit (HKLM-x32\...\PSP PianoVerb2 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP SpringBox 64bit (HKLM-x32\...\PSP SpringBox 64bit) (Version: 1.0.0 64bit - PSPaudioware.com)
PSP Xenon 1.3.0 64bit (HKLM-x32\...\PSP Xenon 1.3.0 64bit) (Version: 1.3.0 64bit - PSPaudioware.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.3.0 (64-bit) (HKLM\...\{290329c4-a276-3aec-b633-9f5a39d8dd96}) (Version: 3.3.150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rank Tracker (HKLM-x32\...\seopowersuite) (Version: - )
Rapid SEO Tool 1.3 (HKLM-x32\...\Rapid SEO Tool_is1) (Version: 1.3 - Karlis Blumentals)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Reference 3 VST plugin (32-bit) 3 (HKLM-x32\...\{7627424F-7CB0-471B-AB55-A39F6995C4F0}) (Version: 3.2.11 - Sonarworks)
Reference 3 VST plugin (64-bit) 3 (HKLM\...\{510D6D02-214D-4264-A4FD-96DBD82ACFED}) (Version: 3.2.11 - Sonarworks)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Relab LX480 Lite VST v1.0 (HKLM-x32\...\Relab LX480 Lite_is1) (Version: - )
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rhyme Genie (HKLM-x32\...\{E48A1AFC-5649-4CC2-B8E1-BD92022C4CC4}) (Version: 6.0 - Idolumic)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)
Sasquatch version 1.2.0 (HKLM\...\Sasquatch_is1) (Version: 1.2.0 - )
SEQ1 Master (HKLM-x32\...\SEQ1 Master_is1) (Version: - NuGen Audio)
SEQ2 Master (HKLM-x32\...\SEQ2 Master_is1) (Version: - NuGen Audio)
SEQ-S (HKLM\...\SEQ-S_is1) (Version: - NUGEN Audio)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
S-GEAR 2 (HKLM\...\S-GEAR 2 CE_is1) (Version: 2.5.7 - Scuffham Amps)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SideWidener version 1.0.2 (HKLM\...\SideWidener_is1) (Version: 1.0.2 - )
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\slack) (Version: 2.1.0 - Slack Technologies)
Slate Digital TRIGGER (HKLM-x32\...\SlateDigitalTrigger) (Version: 1.65 - Slate Digital)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Sniper Elite (HKLM-x32\...\Steam App 3700) (Version: - Rebellion Developments)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Softube Acoustic Feedback VST RTAS v1.0.7 (HKLM-x32\...\Softube Acoustic Feedback VST RTAS_is1) (Version: - )
Softube Bass Amp Room VST RTAS v1.0.2 (HKLM-x32\...\Softube Bass Amp Room VST RTAS_is1) (Version: - )
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version: - )
Softube Metal Amp Room VST RTAS v1.1.5 (HKLM-x32\...\Softube Metal Amp Room VST RTAS_is1) (Version: - )
Softube Passive-Active Pack VST RTAS v1.0.2 (HKLM-x32\...\Softube Passive-Active Pack VST RTAS_is1) (Version: - )
Softube Spring Reverb VST RTAS v1.0.4 (HKLM-x32\...\Softube Spring Reverb VST RTAS_is1) (Version: - )
Softube Trident A-Range VST RTAS v1.0.2 (HKLM-x32\...\Softube Trident A-Range VST RTAS_is1) (Version: - )
Softube Tube Delay VST RTAS v1.0.5 (HKLM-x32\...\Softube Tube Delay VST RTAS_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Softube Vintage Amp Room VST RTAS v1.0.8 (HKLM-x32\...\Softube Vintage Amp Room VST RTAS_is1) (Version: - )
Sonalksis Plug-in Manager 3.00 (HKLM-x32\...\{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1) (Version: - Sonalksis Ltd)
Sonarworks HD reference 2.2 (HKLM-x32\...\{F76463A9-42A2-47D5-B7D4-8838523E64E4}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks HD Reference VST plugin (64-bit) 2.2 (HKLM\...\{3F08FE5F-23E4-423B-A929-8247E4D5193A}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks Reference 3 (HKLM-x32\...\{E8A1DAEE-C491-4833-8D3B-AA8F3E0098AE}) (Version: 3.2.11 - Sonarworks)
SONiVOX Harmonica (HKLM-x32\...\SONiVOX Harmonica) (Version: 1.0 - SONiVOX)
SONiVOX VocalizerPro (HKLM-x32\...\SONiVOX VocalizerPro_is1) (Version: - )
Sonoris Mastering Compressor (HKLM-x32\...\Sonoris Mastering Compressor) (Version: - Sonoris Audio Engineering)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{44DA67A9-C906-4316-94CB-61B036BBDCE5}) (Version: 1.04.02 - Creative Technology Limited)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
SSD Sampler (HKLM-x32\...\SSD4) (Version: 1.1 - Yellow Matter Entertainment)
SSD Utility (HKLM-x32\...\{3449D0CA-9D99-472B-B36C-A32A58AF18F5}) (Version: 2.2.2645 - Toshiba Corporation)
SSDlife Pro (HKLM-x32\...\{3D843494-7DC4-47C9-9E95-3543F0A4E7BC}) (Version: 2.3.56 - BinarySense Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stereoizer3 v3.1 (HKLM\...\Stereoizer3_is1) (Version: - NUGEN Audio)
Stereoplacer v3 (HKLM\...\Stereoplacer3_is1) (Version: - NUGEN Audio)
Sugar Bytes Looperator 1.0 (HKLM\...\Looperator_is1) (Version: 1.0 - Sugar Bytes)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Surfer EQ version 1.2.2 (HKLM\...\{B8D2A156-B2DE-47BD-9789-F1A850F060C1}_is1) (Version: 1.2.2 - Sound Radix)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
ToneBoosters Morphit (HKLM\...\Morphit_is1) (Version: 1.1.4 - ToneBoosters)
Tracker (HKLM-x32\...\com.elance.tracker) (Version: 2.3.3 - Elance Inc)
Tracker (x32 Version: 2.3.3 - Elance Inc) Hidden
T-RackS 3 Black 76 version 3.5 (HKLM\...\{7F0FEB55-6D4A-4892-8A04-3E1EC9001F49}_is1) (Version: 3.5 - IK Multimedia)
T-RackS 3 White 2A version 3.5 (HKLM\...\{4EE378E8-5B8C-4A56-837F-04986F44F14F}_is1) (Version: 3.5 - IK Multimedia)
T-RackS CS version 4.5.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.5.0 - IK Multimedia)
Trackspacer (HKLM\...\Trackspacer_is1) (Version: 2.0.4 - Wavesfactory)
Tradeo - MetaTrader 4 (HKLM-x32\...\Tradeo - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Transify version 1.3 (HKLM\...\Transify_is1) (Version: 1.3 - )
TuneSmith (HKLM-x32\...\{9061CD4C-6D8A-465B-A2DF-530DF94BCE4D}) (Version: 3.0 - Idolumic)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
UAD drivers. This may take a while... (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (HKLM-x32\...\{9b9c7089-62a6-4bba-887c-4b94398cc561}) (Version: 9.0.0.58759 - Universal Audio, Inc.)
UAD Powered Plug-Ins (Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
ubCore64 5.63 (HKLM-x32\...\InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}) (Version: - )
ubCore64 5.63 (Version: 5.63 - Unibrain) Hidden
UNCHIRP VST-x64 1.0.0 (HKLM\...\{FE7EB46F-1099-46e2-9165-D10058814B7D}) (Version: 1.0.0 - Zynaptiq)
UNFILTER VST-x64 1.2.1 (HKLM\...\{F74A8B13-C915-4CE2-ACE0-CC6845C9D89D}) (Version: 1.2.1 - Zynaptiq)
UnHackMe 8.60 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
URS Classic Console Strip Pro VST RTAS v1.0 (HKLM-x32\...\URS Classic Console Strip Pro VST RTAS_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics (HKLM\...\Slate Digital VerbSuite Classics_is1) (Version: 1.0.3.2 - Slate Digital)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
Virtual Buss Compressors (HKLM\...\Slate Digital Virtual Buss Compressors_is1) (Version: 1.2.7.7 - Slate Digital)
Virtual Tape Machines (HKLM\...\Slate Digital Virtual Tape Machines_is1) (Version: - Slate Digital)
VisLM v1.5.1 (HKLM\...\VisLM_is1) (Version: - NUGEN Audio)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visualizer v1.9.2 (HKLM-x32\...\Visualizer1_9_is1) (Version: - NuGen Audio)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VocALign Pro 4 VST (HKLM-x32\...\{EB77C666-B349-4046-8BD3-E4941119E1EF}) (Version: 4.00.0000 - Synchro Arts Ltd)
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.22 - Waves)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
Zynaptiq ADAPTIVERB (HKLM\...\ADAPTIVERB_is1) (Version: 1.1.0 - Zynaptiq)
Zynaptiq ADAPTIVERB (HKLM-x32\...\Zynaptiq ADAPTIVERB) (Version: 1.0.1 - Zynaptiq)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EFF940-BF67-4191-9209-1125A09409A3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {05848826-F541-4A0C-B9F2-1611BC2C39B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} - \Auslogics\BoostSpeed\Start BoostSpeed оn SamSwanson logon -> No File <==== ATTENTION
Task: {08ABE768-2FEF-4170-8066-25BB5001F947} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {09888CEB-9E1F-4B6B-BF4A-DB2571F3F71B} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2016-08-15] (ASUSTeK Computer Inc.)
Task: {0F509641-76C6-4FAB-BEF3-CB600B547AC5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1471D492-58EE-4C44-BE77-AF989C926662} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1A41D700-2897-4BAA-A036-58E78AA05409} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1F8E022B-DD5B-4C81-B850-C98F8B88CD15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-20] (Piriform Ltd)
Task: {21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2012-12-25] (Arainia Solutions)
Task: {23972D0B-9EA4-444E-94E3-FEF38A46F53D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A3DFC4-D040-485E-B0C3-426340897B2A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {26678860-B1BB-4488-B82C-9D65CF436774} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {28DC6CF1-3441-4644-839D-CA8C38FCF81F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-26] (NVIDIA Corporation)
Task: {2A5F42E1-3D73-43DE-AD75-7C45767E1073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {34709417-D411-4C04-AC19-79E7834F99FF} - System32\Tasks\20160618_170750_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {355B0E4F-F22C-472D-80DF-8E171D2F3733} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-01-05] (Maxthon International ltd.)
Task: {36AD6884-E5D4-488D-95F6-FE8F55B41FAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-02-20] (Tweaking.com)
Task: {39DBE3EA-4037-4B26-AD52-FC269D6B2855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3BC80582-EF19-47C4-B5B2-6C63A4573C8E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {40305E3B-34DB-4DB3-B2A3-B9F92E3C5D26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {460D91C7-7A6C-4120-BDF1-351A93CF1157} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {4A2A02C8-A390-4ABD-A482-7FE54A9654CB} - System32\Tasks\open effects => C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe [2015-07-15] ()
Task: {4E2CFB07-EBB0-4549-8B69-C13637DFE808} - System32\Tasks\Patch My PC => C:\Users\SamSwanson\Desktop\PatchMyPC.exe [2017-02-20] (www.patchmypc.net)
Task: {52F29D63-FCB4-4A1A-BF18-02E57B5BE9A1} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)
Task: {5B36754A-B7BE-41F5-BE37-F12045B1C69B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} - \avastBCLRestartS-1-5-21-3236326594-2611474830-2656184370-1001 -> No File <==== ATTENTION
Task: {5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {63D37EC5-5EDB-47FF-9FD1-1EBEC107D223} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66365F28-CE4B-45AD-A996-337675E8A58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {668D7E1E-ED4D-47C9-90C6-0775FE94025F} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-01-10] (Intel Corporation)
Task: {697EFF5B-44E8-4A03-844A-5C3AD38E4FEA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6C09C286-EFF3-4AD4-8FB6-8392EB892C5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6C51BCE8-98E4-49AD-970F-82BA1B4FC324} - System32\Tasks\20160623_163758_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {6E398F56-89B4-4FC1-8AEA-E632E89C8918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6F7DD068-47F7-4EE2-B113-F6BC5435281D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {7388C649-BD6B-458E-BB7D-615016D011FC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {7C23857E-26FD-48C7-AADC-94F9F547CB5F} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-02-11] (Bitsum LLC)
Task: {7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8D7DD635-2A2D-4000-8D1F-4C6B77F8D80E} - System32\Tasks\Microsoft\Windows\PLA\System\{2BCE5899-48A6-4AB8-B3D9-62E4245605D0}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {95C752B4-7B0C-48D9-AE1C-3942F5D3BB76} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {96FDF968-3B9A-47A0-8729-22C64981D02C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9929E7D3-69C5-48B3-BD78-4DA035C80291} - System32\Tasks\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => pcalua.exe -a E:\ashampoo_firewall_free_1.20_sm.exe -d E:\
Task: {9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {9F6C043A-F8EF-4589-9123-0EF833FBDDE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-26] (NVIDIA Corporation)
Task: {A75CC2EA-C50E-4D36-AEA1-91212A6641DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-02-24] (Greatis Software)
Task: {AD2F8636-6963-4AAD-A26F-1D01E01200F0} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {BD2046AE-D49F-4ADD-BCDE-8005342B87D5} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {BDE36E30-62CC-4A29-816E-3A295DC2890B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C374DDAD-C0E9-49BF-A6B0-9ED56EB2165C} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2016-08-15] ()
Task: {C488B36A-662D-4D82-8D4E-7ACDD04C6206} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {CA31EB53-D7B0-4140-9BF1-68356F601421} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {D583F66C-8EAB-4249-8FEB-75F592B49722} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D6716D1C-E449-4AF6-8063-D330FAEA820B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D8D805E5-AFF8-477C-B46C-3A79C13D64E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E8E81B66-3E1E-448E-9EDA-61D64DB64920} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E8F94C64-88AA-4D59-AE81-D4BF8E78B677} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {F19205EB-384D-455D-99E3-6BC1A4840E68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F1C40402-4D4E-40EC-9F8D-55452716F7E0} - System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA} => pcalua.exe -a "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P\METROPOLIS Ark 2 Win Installer.exe" -d "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P"
Task: {F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F95AB783-6CE0-421A-B5CE-89C59CE572F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {FAD23CE4-F70B-4FE3-B9F6-F8719DFDC955} - System32\Tasks\Microsoft\Windows\PLA\System\{EC8853F4-75E4-4154-B078-27C2E7531492}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {FF6E9CA0-FA25-46F9-970E-F95E6DF9AFA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-12-23 12:43 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-07 16:14 - 2014-01-07 16:14 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-10-14 14:31 - 2016-10-31 09:17 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-10-31 09:17 - 2016-10-31 09:17 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2016-04-26 13:30 - 2016-04-26 13:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-05-24 01:09 - 2016-05-24 01:09 - 00127336 _____ () C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-23 12:26 - 2016-08-15 15:04 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-01-07 16:16 - 2013-01-14 16:37 - 01406776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2016-09-14 10:10 - 2016-09-14 10:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-12-23 11:43 - 2011-12-17 00:18 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-12-23 13:44 - 2012-11-09 03:17 - 01433200 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2014-02-18 21:52 - 2017-02-20 17:22 - 00544208 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-01-20 11:27 - 2015-07-15 21:28 - 03042304 _____ () C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
2016-10-14 14:48 - 2016-10-31 09:17 - 07382232 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2016-04-16 11:56 - 2016-06-29 11:01 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-02-28 15:41 - 2017-02-28 11:31 - 03759448 _____ () C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\58.0.3026.0\libglesv2.dll
2017-02-28 15:41 - 2017-02-28 11:31 - 00100696 _____ () C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\58.0.3026.0\libegl.dll
2014-01-07 16:14 - 2017-03-01 13:45 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-01-07 16:14 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-12-21 17:07 - 2014-12-21 17:07 - 00119822 _____ () C:\Program Files (x86)\AnonVPN\bin\libgcc_s_dw2-1.dll
2014-12-21 17:07 - 2014-12-21 17:07 - 01026062 _____ () C:\Program Files (x86)\AnonVPN\bin\libstdc++-6.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 14:48 - 2016-10-14 14:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 14:47 - 2016-10-14 14:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 17:05 - 2015-11-16 17:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 11:45 - 2016-04-16 11:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-02-10 20:01 - 2017-01-20 19:40 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-01-07 16:16 - 2013-01-14 17:16 - 05771136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-01-07 16:16 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-01-07 16:17 - 2012-08-03 16:41 - 00043520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-01-07 16:17 - 2012-08-03 16:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-01-07 16:16 - 2013-01-15 15:30 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-01-07 16:17 - 2012-07-25 09:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00350160 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00441808 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00465872 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 62691792 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00285648 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 06186448 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 07395280 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.7.25343.dll
2017-02-10 20:01 - 2017-01-20 19:39 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-10 20:01 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-10 20:01 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-10 20:01 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-22 17:23 - 2017-02-20 17:21 - 13674960 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 02215376 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00334288 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.7.25343.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-11-10 18:38 - 2015-11-10 18:38 - 08337408 _____ () C:\Users\SamSwanson\Downloads\SonarworksforDDMF\Reference3.dll
2016-10-14 14:27 - 2016-10-14 14:27 - 00333744 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00050096 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 14:23 - 2016-10-14 14:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 00224768 _____ () C:\WINDOWS\SYSTEM32\UAD2DriverClient.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 02058752 _____ () C:\WINDOWS\SYSTEM32\UAD2SDK.dll
2014-04-27 13:17 - 2000-01-01 01:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\grep.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\MBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NIRCMD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvTelemetryContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\PEV.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\sed.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWREG.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWSC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWXCACLS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins002.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins005.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins006.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins007.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\zip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVDllSurrogate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVManifest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPublishing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactActivation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64Proxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64F3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HarmanAudioInterface.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMClariFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ_Voice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMHVS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMLimiter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSSTAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSstCApoPropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\libpng15.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapstoasttask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO7064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV3apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434709.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434709.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\partizan.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prm0005.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwcreator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpshell.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SECOMN64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDHF64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDRA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8ED1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8FC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA251.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA93F.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tspubwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpncmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XamlTileRender.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zlib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DbgModel.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SECOMN32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SEHDHF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SYNSOEMU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeEditkb.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AppVStrm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox_DFU.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDMFaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\file_tracker.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\LGVirHid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndisrfl.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nettap630.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rt640x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET8839.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srvnet.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib_mounter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tsvadpcm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2Pcie.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2System.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2WdmAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\virtual_file.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UpdateHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Microsoft:Gb9iHSAhBg9BV12C3k73XBgHLQz [2384]
AlternateDataStreams: C:\ProgramData\Microsoft:gVCZtV597Pk0byqtUxyu9ZFc [2548]
AlternateDataStreams: C:\ProgramData\Microsoft:HkCk6pH2rgF930hJgx9 [2112]
AlternateDataStreams: C:\ProgramData\Microsoft:pyzvIDdUHQPoJqcsmkYzVeN [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:w3lVKHfpoNp0LGn1SO56 [2532]
AlternateDataStreams: C:\ProgramData\Microsoft:ZUQvhkhISSBkTH7rGp [2562]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [152]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [136]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:3rwwZhw2tLiAmOSNHAwYUqSaJU [1858]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:IZqLckuoBEmSeyWZ9jWWGPoF9 [2068]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:pZUQi9r51MMNkceOnZGIDucq [2336]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:suYxzGFC9bvFaXMRmXkqqt [1952]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:w6io6svORgLdd8KCHJbkN71r [2442]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Czech taxes for dummies 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\dokument.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Formulář_žádosti__pro_cizince,_neobčany_EU_a_jejich_rodinné_příslušníky-rev.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\how to licesne musick.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Money 4 Music.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\PatchMyPC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Potvrzení_o_zajištění_ubytování_FO.DOC:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\RevoicePro.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Rights-Owner-Repertoire.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SM-Offshore-Banking-Report.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SongMarket.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\3AC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.15.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.18.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.19.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.20.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.21.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.23.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN:nKkdVTct7EMl42YHS3SZExMJ [2388]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX:eek:6d4DS5PFDAk03KTXvn2F2mu [2712]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA:03HrcMG15SDYyUw1Sza8AWAbY [2338]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\Temporary Internet Files:xwH7V3jDNbvYm9CzQAMppM [2254]
AlternateDataStreams: C:\Users\SamSwanson\Documents\2015 tax return Horton.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2017-02-20 21:19 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_2.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LoopBe30 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "googletalk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (2)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (1)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (3)"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0ac3e"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "RBTray.exe"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "SpeedFan.lnk"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Gobbler"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GizmoDriveDelegate"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8811F55-5587-4E2E-9803-5F89E86BE479}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E4BE2C83-8EFB-40F4-AA36-DF1B6E02FC63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E50ECC5-ADEE-41F4-B456-DD8184B7B9D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06E10D22-128D-4D9C-81AE-CFCC8F5C0D78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{800BE274-31F7-4485-93FA-49D22449C363}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{B6A68273-9DDE-4550-BF33-23B26844ED8A}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{E5A8B4EF-E0C3-46C4-8655-F4667B7C0FC3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{AF19923E-DFBF-44CE-8E35-C061282BF825}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [UDP Query User{F5776BFC-9EE0-43A2-B705-766521F94B2D}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{A17EFB4D-9DC9-470C-8B1B-BC335E7CA9B8}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FEB8E9ED-9B27-4C04-AE59-C6FB21E4CFEE}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{4FC0708F-E22A-46A0-B3A1-8BAF833E3603}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{82951DBB-1382-405F-B496-B2CB552D2CC9}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2B9FCED-0F9D-49E0-9B96-B20FC514B119}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32E5E5FF-AE09-40CA-9019-D3486EEBABF5}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [TCP Query User{43AFE483-1F63-4C55-8462-69C60BC018BA}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{EB46C128-ED00-4C3F-8F84-47470F58C813}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [{69B1232F-5701-454C-ADFE-08E54D6B0920}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{1AB4FC87-2B0D-472E-A3E6-61C2B6C070FA}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [TCP Query User{EB0FECB5-C9BD-488B-99F8-68E3EE0359D9}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{2AFF58C6-0DEA-4814-BFFB-9396E88BD493}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [TCP Query User{78335E54-289F-41C9-A7FB-1EEC0AC1D749}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [{7AF1A041-07C9-4959-8274-77EE03809209}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6986C6E8-5AE1-4AF7-9F1B-8E4880BEF5F9}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9A87E20F-0224-40A4-A0A6-CF2D427F4D20}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BA177546-4044-4C07-AFE8-69887582567D}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{0BFC59AF-9A77-433F-9D79-6A42BC3B990E}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [TCP Query User{A3ECAB14-43DA-4877-B411-E11F65833A70}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [{9F08C694-EC8D-4028-B569-CC536012E7BB}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{B184610F-D175-44C7-B31A-4C9CF612667C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{85F3ACDA-06E5-4E75-BBB3-E4993FCACAEA}] => (Allow) LPort=1688
FirewallRules: [{FE438153-8F8D-492D-A2FB-B9DC4D356A58}] => (Allow) LPort=1688
FirewallRules: [{4810449D-6142-46CE-90E8-E59770BFC440}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA27EC5C-5D60-4DE9-A224-7B39FC82845B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50841857-DD2A-46AC-8627-9A7BE07699D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4EF546A8-7388-4B39-8C68-16D263B1252B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{901F754B-7F53-41C0-A07B-A4D8D0DFE036}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FF7228E9-9CA7-41CD-A723-2F149E256AC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6FA2A9E8-A72E-42CF-A794-B18CC107DEA1}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F71782BC-163B-4084-BA5E-9BE299F8C6C3}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{159A065B-2BA1-4A71-8EE1-BAAEA61F9001}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FE35395F-4673-4FC1-85FB-576D178B0B1D}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [UDP Query User{1579E7CF-1850-48C3-886A-632A8EC41CB6}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{7DCC07A6-5616-48B2-AC59-2C37A069E637}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{AB2EA62A-A8E9-4766-83D1-08DEFBBBBB76}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4E60A726-4483-4E32-9B1C-85B9E69C232F}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5EE2E0AD-9DAB-4F6D-8D38-0A41D29BF39E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE76EA5F-CF6E-4FDC-BF69-7187C5A8CD22}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D524EB94-7130-4A51-9936-58807A7CCC32}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC004AA2-EAB9-45C4-8636-FBF333884C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{264C0F87-944D-4B28-B875-008CE407DCEC}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{BEEFD323-7E07-406B-B349-2515E304A47A}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{4C7D8CF3-F3E2-46AD-8B64-D3064C44978B}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{B73A089E-647C-40E4-BC4B-061EE4354A35}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{159B9D62-A976-4BF7-8EBB-1E2082C0DA3B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{394FFBE6-FF1C-4139-B2B4-B00E21956F4E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{57DFEDDE-D220-4A8D-85E3-2EDBBBE665B2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{09BB3EE1-42E8-4B70-B9FB-ECEE43D6E6E7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [UDP Query User{8B077964-B2EF-4647-B909-569A0E35D127}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BA5E5EF7-5ADA-4398-A746-A25FDEA7334A}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{39D9F0E3-EEF9-4650-94DB-AD618B47C70A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{D3A12194-DFB4-41DE-BAFE-163B728B7C2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{C489928B-BCB6-4CAD-B115-8637D6D5F1E2}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{873D8F9D-EA4F-4D25-9643-79E633CB1825}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{3AE70BBF-4187-408E-8552-8C40592320B4}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{23AC632F-EAB7-4D82-91A0-AF1745451F95}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [UDP Query User{34448265-8649-4C33-AC9D-CE6B4BDE66C0}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{CC138988-1294-4E93-B9F7-B5EEEAF4385B}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [{347A2896-44B0-4781-8639-F8E6DADBAF9B}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{043836B9-CABB-4DE7-BB6F-4C6561C5B4AF}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [UDP Query User{A7D9C2DC-CB32-4544-A540-3CE567BB1891}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [TCP Query User{C17FD2D4-D884-4DF0-BFC2-BA96D1E34ACC}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{FC9A52D6-E8D3-43D5-9EE5-A4CC0A72E7E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D44DDEE-E403-49B8-971A-46814BF7814C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65942B4D-AAD7-4320-BDFC-7B54A64A2DF8}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{10EA7950-8535-46F1-BD21-00FA3E46A57C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A95E67F-00BA-4C7F-982F-21737687F7C2}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D349A76B-9E0E-4A55-BD62-98E51D8FC3FF}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{0F05B259-9FEA-40DD-A9E3-70A1E7D792A8}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{63BE29B2-A2E7-4578-97CC-D0DCBF7639AE}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [TCP Query User{FD47186C-FB63-42B6-8252-1BA2D3D031C6}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [UDP Query User{B6461154-8899-4C23-922A-8B13A7389751}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [{33659DC1-1F98-439A-AEC3-57776D741690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DCCEBA1-C481-409A-B6A3-9978F0C403D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE6ED81B-B560-40F0-8975-770BE8C4B4C5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{DE906F04-5348-4E10-8278-2FA61E95B0B3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [TCP Query User{C20C177B-0E29-469B-A6DA-2CF7B87D207D}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{A3922E75-DF5F-4382-9192-D3989C5686AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [TCP Query User{E2572DE2-18A4-4838-BF78-D416F7A58F87}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{4C7F8891-A519-4288-A555-D6B644C983F9}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{8164E955-4659-4A72-8510-667E48F5CBCF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{193307C5-27EA-4047-8D49-62699F1ABCA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{23D75EBE-3F14-4B79-8CAD-EB12D7FA7A23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F9C2D2D0-2A16-4751-8866-990FE9C3C851}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{16F6121E-B315-462F-9B0C-4753ECD149D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5E08516-C1BC-4B12-BB6E-45A9CE248B88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE03B6B4-FD06-45C6-991C-EB99785E619A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2D32070B-BE19-469C-9749-20AF2E943B77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2868D72-9C1F-442F-829F-7E3CC250B9D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E7B85F4-59CC-4743-ABDC-113EF0515C1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80A0797C-B514-4C9D-9AD0-4030E922803D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{151CDCEB-5350-4E0B-B3DF-5D1AFD444318}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{2FC9AC5D-2002-4226-851A-C906786981FE}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{CBF94C9D-E30C-4E5E-90C8-84E3E08CAE9B}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{447E0C97-2CD8-4303-8588-9CEE3774093C}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{E8226ED0-F618-4BFF-9414-9DE5D234B0E5}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{4FC8502B-C59D-4A3E-835A-1D56C834280C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{266AE150-5BAC-41F2-B9C7-3AEFEF2BD695}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{A83100B2-AC65-4E83-BCA3-B70ACBD1F190}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A6644206-9A35-4A7E-A8AF-0759C35D655D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{97AC4EC6-F9A0-4962-A2AB-EDA3242B18EE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6AECC060-1F3B-47E6-8945-52A9F9577BC3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{5726AA47-031F-426F-B0F5-64624B7C1215}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

28-02-2017 11:49:12 UnHackMe Malware Removal
01-03-2017 11:44:51 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Primo Ramdisk Controller
Description: Primo Ramdisk Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ROMEX SOFTWARE
Service: FancyRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 01:45:23 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (03/01/2017 01:45:21 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (03/01/2017 01:11:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 48e6d0c5-d8e4-4360-bb8d-3d6bb71a9fc6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/01/2017 01:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 48790a9b-3153-47b4-a6e5-f22baa3906b6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/01/2017 01:11:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 98b6a535-974c-449e-982a-a246c737bd67
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/01/2017 01:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: a9a55e69-c8eb-463d-aaed-78bcb9e053a9
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/01/2017 01:10:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: bd5faf09-c96e-41ac-8ba9-644fb2285df0
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (03/01/2017 01:10:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x3928
Faulting application start time: 0x01d29284dff4341e
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 6cc81cc9-2e64-4a70-a2c2-02284f9bf320
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge


System errors:
=============
Error: (03/01/2017 01:47:39 PM) (Source: DCOM) (EventID: 10010) (User: JIRICOMPUTER)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/01/2017 01:45:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error:
%%2147944153 = There are no more endpoints available from the endpoint mapper.

Error: (03/01/2017 01:45:20 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/01/2017 01:45:08 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/01/2017 01:45:07 PM) (Source: FancyRd) (EventID: 2) (User: )
Description: The evaluation period for this installation of Primo Ramdisk has expired.

Error: (03/01/2017 01:44:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2017 12:44:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (03/01/2017 12:44:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SAMSWA~1\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
Date: 2017-03-01 13:45:20.462
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 13:10:23.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-01 10:08:14.214
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-28 20:24:01.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-28 14:34:03.436
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-28 14:24:45.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-28 10:27:02.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-27 23:33:07.375
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-27 10:13:30.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-26 10:20:40.553
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 20%
Total physical RAM: 32716.45 MB
Available physical RAM: 26103.2 MB
Total Virtual: 32716.45 MB
Available Virtual: 25484.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.13 GB) (Free:113.97 GB) NTFS
Drive r: (Redundant) (Fixed) (Total:2794.39 GB) (Free:1153.93 GB) NTFS
Drive s: (Major Scott) (Fixed) (Total:2794.39 GB) (Free:1561.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 3DE8DBCF)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BCDE926D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 1CD3CAE0)

Partition: GPT.

==================== End of Addition.txt ============================
Rkill Report:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:


Program started at: 03/01/2017 05:57:09 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 => C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\INetCache\IE [Dir]

Checking Windows Service Integrity:

* agp440 [Missing Service]
* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 03/01/2017 05:58:06 PM
Execution time: 0 hours(s), 0 minute(s), and 57 seconds(s)

AdwCleaner Report

# AdwCleaner v6.044 - Logfile created 01/03/2017 at 18:04:20
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : SamSwanson - JIRICOMPUTER
# Running from : C:\Users\SamSwanson\Desktop\Computer fix\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - iabeihobmhlgpkcgjiloemdbofjbdcic
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - aaaaaiabcopkplhgaedhbloeejhhankf
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mamnihopcnbfnbfnnneplcohmnkkpipb
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - nedjejdfkkjgebciefdfofjhmeogiaga
Chrome pref Found: [C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences ] - dgpdioedihjhncjafcpgbbjdpbbkikmi

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [14067 Bytes] - [12/08/2016 15:02:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [5079 Bytes] - [05/12/2016 19:17:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [3399 Bytes] - [12/02/2017 23:44:50]
C:\AdwCleaner\AdwCleaner[C4].txt - [2653 Bytes] - [13/02/2017 18:05:07]
C:\AdwCleaner\AdwCleaner[C5].txt - [2811 Bytes] - [19/02/2017 18:07:14]
C:\AdwCleaner\AdwCleaner[C6].txt - [2565 Bytes] - [21/02/2017 20:08:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [14440 Bytes] - [27/02/2016 01:27:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [356 Bytes] - [27/02/2016 11:35:21]
C:\AdwCleaner\AdwCleaner[S3].txt - [5075 Bytes] - [05/12/2016 19:10:36]
C:\AdwCleaner\AdwCleaner[S4].txt - [3532 Bytes] - [12/02/2017 23:37:34]
C:\AdwCleaner\AdwCleaner[S5].txt - [2923 Bytes] - [13/02/2017 17:58:12]
C:\AdwCleaner\AdwCleaner[S6].txt - [3081 Bytes] - [19/02/2017 18:01:33]
C:\AdwCleaner\AdwCleaner[S7].txt - [2784 Bytes] - [21/02/2017 19:50:35]
C:\AdwCleaner\AdwCleaner[S8].txt - [2784 Bytes] - [01/03/2017 18:04:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2857 Bytes] ##########
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,397
552
Let's clean some trash from the machine before a FRST fix... :)

Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

  • Download CCleaner from here.
  • After install Click Options.
  • Go to monitoring.
  • Uncheck All Monitoring items.
  • Go to advanced -- Click close program after cleaning.
  • Go to settings -- click run ccleaner when the computer starts.
  • Now that you have ccleaner installed and set-up:
  • Open the program.
  • Go to Tools
  • Go to Startup
  • Now double click each item. To Disable.
  • Leave only your antivirus enabled.
  • Then disable All items in your scheduled task as well.
  • Unless they are related to windows defender.Or your antivirus.
  • Reboot the machine.


JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.









Hit Ok.







Hit next make sure to leave all items checked, for removal.









The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.






2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, the you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.



Let's have a fresh look at your system after the above scans please.

Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked, as well as Shortcut.txt
  • Press Scan button and wait.
  • The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt
Please Copy & Paste them into your next reply. But attach Shortcut.txt
 

slonslon7

PCHF Member
PCHF Member
Mar 1, 2017
14
8
32
Great! Thank you, seems like the tools found some stuff.

Here are the reports:

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64
Ran by SamSwanson (Administrator) on 03/01/2017 at 19:58:49.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/01/2017 at 20:10:14.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adware Removal Tool:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool 5.1
Time: 2017_03_01_19_39_52
OS: Windows 10 Pro - x64 Bit
Account Name: SamSwanson
Adware Definition: 03012017
Elapsed time: 16:26
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c}\ <RegValue:> AppPath <RegData:> C:\Users\SamSwanson\AppData\Local\Pokki\Download Helper : C:\Users\SamSwanson\AppData\Local\Pokki\Download Helper

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4eb3fc20-7158-4dd5-a08e-707541e9341c}\ <RegValue:> AppPath <RegData:> C:\Users\SamSwanson\AppData\Local\Pokki\Download Helper : C:\Users\SamSwanson\AppData\Local\Pokki\Download Helper

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ <RegValue:> DllName <RegData:> BabylonToolbar.dll : BabylonToolbar.dll

[-] Deleted ->> Registry Value Data ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ <RegValue:> DllName <RegData:> BabylonToolbarTlbr.dll : BabylonToolbarTlbr.dll

[-] Repaired ->> File ->> C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Preferences

[-] Repaired ->> File ->> C:\Users\SamSwanson\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
ZHPCleaner:
~ ZHPCleaner v2017.2.27.37 by Nicolas Coolman (2017/02/27)
~ Run by SamSwanson (Administrator) (01/03/2017 20:23:38)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\SamSwanson\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\SamSwanson\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 14393)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (23)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (50)
MOVED file: C:\Windows\Installer\wix{273E4CB3-22E9-42B8-9F9E-700A07158113}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{3490D0B6-BB44-417E-8B82-F30C7B48E3F5}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{38EDF46C-6D02-41E7-B76F-C1330603B63B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{44B72151-611E-429D-9765-9BA093D7E48A}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{49C3123D-9497-434D-A988-A9B389B1E189}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{583882E7-EA75-4BF0-94FA-7DD5A3731C76}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{6B23CC2A-3660-4430-920B-E3C706A252E4}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{7CC317AF-84DC-4C6B-9894-453545969892}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{919CE8F2-C283-4FBE-B29F-3BEA088C37EA}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{B5E06417-A4AC-4225-B36E-7E34C91616E7}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Windows\Installer\wix{FE4EC25E-CCE4-477C-80B4-C6B351EE1BC6}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED file: C:\Users\SamSwanson\Downloads\PokkiInstaller.exe [Pokki - Pokki Installer] =>.Superfluous.SweetLabs
MOVED file: C:\Windows\Installer\{4F524A2D-5350-4500-76A7-A758B70C1C01}\ToolbarIcon.exe =>PUP.Optional.BrowserTabSearch
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
MOVED folder: C:\WINDOWS\Installer\MSI1AFE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1CFE.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI1F61.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI228D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI2463.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI26F5.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI463A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI4633.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI48AC.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI5A4F.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI6D7A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI7725.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI79D6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI87D.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI8DE2.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI8FC8.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI9326.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSI99B6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA42C.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIA63.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIABAF.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIBA6A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC33E.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC335.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIC90B.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSICFA6.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIDE00.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIE2A.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIECF5.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIF9E5.tmp- =>.Superfluous.Empty
MOVED folder: C:\WINDOWS\Installer\MSIFE2C.tmp- =>.Superfluous.Empty


---\\ Registry ( Key, Value, Data) (19)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166} [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211671166} [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166} [] =>PUP.Optional.CrossRider
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\soundcloud.com [] =>PUP.Optional.SoundCloud
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\soundcloud.com [] =>PUP.Optional.SoundCloud
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F405350054677A7A857BC0C110 [Search App by Ask] =>PUP.Optional.BrowserTabSearch
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00085D4C91CA53E438FC1F2F2C6B46DA [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\site-packages\decorator-3.3.2-py2.5.egg\EGG-INFO\PKG-INFO] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\001286686E58BD54AB9C406325E69AD4 [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\lib\distutils\debug.pyc] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0091CD89BDA3D68469CE2EB4994992D1 [C:\Program Files (x86)\Common Files\Native Instruments\Shared Content\Sounds\Reaktor 5\Blue Matrix\Elektro Popper HS.ksd] =>PUP.Optional.Vonteera
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010E70FAA1A2E204A99D9E21B7B03C79 [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\lib\encodings\euc_jis_2004.pyc] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0125DAD2495BB2242AD12C79F6A2FD8A [S:\More VSTI\Abbey Road 50s Drummer Library\MIDI Files\07 Indie\13 Mid Groover 111BPM\05 8th Toms.mid] =>PUP.Optional.Shopper
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\014E404DAF14D4F4098B05A6757EDAA6 [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\lib\encodings\latin_1.pyc] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\017835FBFF3272B4DBF51AEBE7A2F09D [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\lib\encodings\__init__.pyc] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02458FFBE73543A4A9D78516C3AF4AF0 [C:\ProgramData\Ableton\Live 9 Suite\Resources\Extensions\WebConnector\third_party\lib\distutils\dir_util.pyc] =>Adware.Sambreel
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\028BBEF6A9C7E514DBD346613B4DC0C8 [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673} [Microsoft Corporations] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F405350054677A7A857BC0C110 [] =>PUP.Optional.BrowserTabSearch
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] =>Riskware.QuickTime


---\\ Summary of the elements found (11)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.SweetLabs
https://www.nicolascoolman.com/fr/pup-browsertabsearch/ =>PUP.Optional.BrowserTabSearch
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.SoundCloud
https://www.nicolascoolman.com/fr/pup-optional-sambreel/ =>Adware.Sambreel
https://www.nicolascoolman.com/fr/trojan-vonteera/ =>PUP.Optional.Vonteera
https://www.anti-malware.top/2016/05/02/pup-optional-shopper/ =>PUP.Optional.Shopper
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.APNToolBar
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect


---\\ Other deletions. (22)
~ Registry Keys Tracing deleted (22)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 901
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 69
FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by SamSwanson (administrator) on JIRICOMPUTER (01-03-2017 20:29:24)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Loaded Profiles: SamSwanson (Available Profiles: SamSwanson)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
() C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dashlane, Inc.) C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Program Files (x86)\Ditto\Ditto.exe
(Flux Software LLC) C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
() C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Avid) C:\Program Files (x86)\Avid\Mbox\DriverInterface.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-12-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-02-11] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-02-11] (Malwarebytes)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched (1)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (2)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (3)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-12-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-12-28] ()
HKLM-x32\...\Run: [CheckNDISPortf0ac3e] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CheckNDISPort_df.exe [465664 2014-03-26] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Mobile Hotspot Admin\CancelAutoPlay_df.exe [446720 2014-03-26] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [421768 2016-06-29] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7382232 2016-10-31] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
HKLM-x32\...\Run: [UATrayIcon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe [3804160 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [UAPerfMon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe [5964288 2016-10-25] (Universal Audio, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1265256 2017-01-25] (Carbonite, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Dashlane] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-02-22] (Dashlane, Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [1433200 2012-11-09] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [F.lux] => C:\Users\SamSwanson\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (1)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (2)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (3)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (4)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DashlanePlugin] => C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-02-20] ()
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify Web Helper] => C:\Users\SamSwanson\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Spotify] => C:\Users\SamSwanson\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-17] (Spotify Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update] => C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2016-08-15] (Disc Soft Ltd)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2012-12-25] (Arainia Solutions)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\RunOnce: [Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-03-18] (Acronis)
ShellIconOverlayIdentifiers: [MacDriveVolumeIcon] -> {6B21AF46-EE37-40D0-A707-C06C17D06CE9} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers: [MacDriveVolumeIconReadOnly] -> {E9BC4DCA-0A4E-4C65-9D40-621C9D0CDC5F} => C:\Program Files\Mediafour\MacDrive 9\MDVolumeIcons.dll [2012-05-21] (Mediafour Corporation)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-01-25] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2016-08-23]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-25]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EffectRack.lnk [2016-08-11]
ShortcutTarget: EffectRack.lnk -> C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe ()
Startup: C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk [2016-08-16]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [NameServer] 74.82.42.42,192.168.0.1
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{a56f0fe6-a65d-419a-9a9d-a9f8c86c22bd}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{c09f412c-6a39-48fa-9e06-9f815d6e9d25}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: [email protected]
FF ProfilePath: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default [2017-03-01]
FF NewTab: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\lncyg2i6.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:blank
FF Keyword.URL: Mozilla\Firefox\Profiles\lncyg2i6.default ->
FF Extension: (Dashlane) - C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\Extensions\[email protected] [2017-01-05]
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-01-27]
FF SearchPlugin: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\searchplugins\google-avast.xml [2015-01-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml [2010-12-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml [2010-12-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-20] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @ilok.com/iLokHelper,version=3.1.0.7 -> C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll [2012-11-17] ( PACE Anti-Piracy, Inc)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2000-01-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @citrixonline.com/appdetectorplugin -> C:\Users\SamSwanson\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @talk.google.com/O1DPlugin -> C:\Users\SamSwanson\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll [2010-12-03] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-05-15] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SamSwanson\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-05-15] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-branding.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\firefox.js [2010-12-03]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\reporter.js [2010-12-03]

Chrome:
=======
CHR DefaultProfile: Default
CHR HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iahagolkpaghhinaljhjihagjgomdokb] - C:\Users\SamSwanson\AppData\Local\Alexa\atbpg-HyChcu-1.3.crx [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1244408 2016-10-31] ()
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [4463592 2016-10-31] ()
R2 AnonVPN VPN; C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe [127336 2016-05-24] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-10-31] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-01-07] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-01-07] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.05\AsusFanControlService.exe [2005504 2014-01-07] (ASUSTeK Computer Inc.) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-13] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-13] (COMODO)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2016-08-15] (Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1243024 2013-02-11] (Binary Fortress Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2012-12-25] (Arainia Solutions)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-11] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [153296 2016-06-10] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [478416 2016-06-10] (Intel(R) Corporation)
S2 ISCTAgent; c:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-10-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2000-01-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-02-11] (Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2016-06-29] (Acronis)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-26] (NVIDIA Corporation)
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-13] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-25] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9698296 2016-06-29] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2017-02-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [14936 2012-08-17] (Intel(R) Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-11] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AU8168; C:\WINDOWS\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2016-09-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [862648 2016-09-08] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [54336 2016-09-08] (COMODO)
R3 DDMF_Audio; C:\WINDOWS\system32\drivers\DDMFaudio.sys [28456 2015-07-15] (DDMF)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-08-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-02-11] ()
R0 FancyRd; C:\WINDOWS\System32\drivers\fancyrd.sys [188352 2012-06-24] (Romex Software)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [366432 2016-10-31] (Acronis International GmbH)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2012-12-25] (Arainia Solutions LLC)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-12-24] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-22] (REALiX(tm))
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 iLokDrvr; C:\WINDOWS\System32\drivers\iLokDrvr.sys [25808 2013-10-27] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [147304 2016-09-08] (COMODO)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [23832 2012-08-13] (Intel Corporation)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S3 LoopBe30; C:\WINDOWS\system32\drivers\loopbe30.sys [16896 2011-02-26] (nerds.de)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-03-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-03-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-03-01] (Malwarebytes)
R3 MBOX; C:\WINDOWS\system32\DRIVERS\AvidMbox.sys [464616 2016-08-15] (Avid)
R3 MBOXDFU; C:\WINDOWS\System32\drivers\AvidMbox_DFU.sys [31464 2016-08-15] (Avid)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [322768 2012-11-15] (Mediafour Corporation)
R0 MDPMGRNT; C:\WINDOWS\System32\DRIVERS\MDPMGRNT.SYS [32464 2012-06-05] (Mediafour Corporation)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41688 2016-06-10] (Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-25] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NetTap630; C:\WINDOWS\system32\DRIVERS\nettap630.sys [67800 2016-06-10] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_02838dee03d82b94\nvlddmkm.sys [14427064 2017-02-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-10] (NVIDIA Corporation)
R3 OXYGEN; C:\WINDOWS\system32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-02-24] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-11-22] (Realtek )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-25] (SoftEther Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 teVirtualMIDI64; C:\WINDOWS\system32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-16] (Tobias Erichsen)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267552 2016-10-31] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [193376 2016-10-31] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [601432 2016-10-31] (Acronis International GmbH)
R3 UAD2Pcie; C:\WINDOWS\System32\drivers\UAD2Pcie.sys [82752 2016-11-03] (Universal Audio, Inc.)
R3 UAD2System; C:\WINDOWS\System32\drivers\UAD2System.sys [134464 2016-11-03] (Universal Audio, Inc.)
R3 UAD2WdmAudio; C:\WINDOWS\system32\DRIVERS\UAD2WdmAudio.sys [27968 2016-11-03] ()
R3 VBAudioHFVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2014-03-07] (Windows (R) Win 7 DDK provider)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [279392 2016-06-29] (Acronis International GmbH)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2014-01-03] ()
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [143248 2017-02-27] (Webroot)
R3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-10-11] (Webroot)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-11] (Zemana Ltd.)
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 ManyCam; \SystemRoot\system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; \SystemRoot\system32\drivers\mcaudrv_x64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 20:11 - 2017-03-01 20:24 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\ZHP
2017-03-01 19:30 - 2017-03-01 19:30 - 02746880 _____ C:\Users\SamSwanson\Downloads\ec19.tmp
2017-03-01 19:25 - 2017-03-01 19:40 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-03-01 19:25 - 2017-03-01 19:25 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Overloud
2017-03-01 14:33 - 2017-03-01 14:33 - 00000000 ____D C:\ProgramData\Overloud
2017-03-01 13:43 - 2017-03-01 13:43 - 00154624 _____ C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls
2017-03-01 12:43 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\ESET
2017-02-28 22:48 - 2017-03-01 13:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-28 14:25 - 2017-02-28 14:25 - 00000000 ____D C:\ProgramData\MetaQuotes
2017-02-28 14:24 - 2017-02-28 14:24 - 00002075 _____ C:\Users\Public\Desktop\Tradeo - MetaTrader 4.lnk
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4
2017-02-28 14:24 - 2017-02-28 14:24 - 00000000 ____D C:\Program Files (x86)\Tradeo - MetaTrader 4
2017-02-27 23:05 - 2017-02-27 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2017-02-25 14:26 - 2017-02-25 14:26 - 00038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys
2017-02-25 14:23 - 2017-03-01 20:27 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-02-25 14:23 - 2017-02-25 14:23 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2017-02-25 14:23 - 2017-02-25 14:23 - 00051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys
2017-02-25 14:23 - 2017-02-25 14:23 - 00001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-25 14:23 - 2017-02-25 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-24 18:44 - 2017-03-01 13:45 - 00000984 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-02-24 18:41 - 2017-02-24 18:41 - 00000000 ____D C:\@RestoreQuarantine
2017-02-24 18:28 - 2017-02-24 23:58 - 00000000 ____D C:\ProgramData\RegRun
2017-02-24 18:27 - 2017-03-01 19:33 - 00002668 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-02-24 18:27 - 2017-03-01 12:43 - 00000000 ____D C:\Users\SamSwanson\Documents\RegRun2
2017-02-24 18:27 - 2017-02-24 18:27 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-02-24 18:27 - 2017-02-24 18:27 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-02-24 18:26 - 2017-03-01 10:10 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2017-02-24 18:26 - 2017-02-24 18:30 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-02-24 18:26 - 2017-02-24 18:26 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2017-02-24 18:26 - 2017-02-24 18:26 - 00014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2017-02-24 18:26 - 2017-02-24 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2017-02-24 16:57 - 2017-02-24 16:57 - 06971584 _____ (Tim Kosse) C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5
2017-02-23 01:05 - 2017-02-23 01:05 - 00000000 ____D C:\Program Files\MetaTrader 5
2017-02-23 01:04 - 2017-02-23 01:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\MetaQuotes
2017-02-21 16:25 - 2017-02-21 16:26 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-02-21 15:52 - 2017-02-21 16:01 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 15:25 - 2017-02-21 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-21 15:24 - 2017-02-21 15:24 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-21 14:47 - 2017-02-21 14:47 - 00000120 ___RH C:\Users\SamSwanson\Desktop\Stinger.opt
2017-02-21 14:39 - 2017-02-21 14:47 - 00000000 ____D C:\Program Files\stinger
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\Program Files\McAfee
2017-02-20 21:33 - 2017-02-20 21:33 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\PackageStaging
2017-02-20 21:31 - 2017-02-20 21:31 - 00000000 ____D C:\WINDOWS\Panther
2017-02-20 21:05 - 2017-02-20 21:05 - 00000000 ____D C:\WINDOWS\pss
2017-02-20 21:01 - 2017-03-01 19:33 - 00003068 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-20 21:01 - 2017-02-20 21:01 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-20 20:33 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-02-20 20:24 - 2017-02-20 20:24 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-19 17:20 - 2017-02-19 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-19 16:28 - 2017-03-01 20:29 - 00000000 ____D C:\FRST
2017-02-16 11:45 - 2017-02-24 17:06 - 00000869 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2017-02-16 00:59 - 2017-02-16 00:59 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonVPN
2017-02-15 21:57 - 2017-03-01 19:33 - 00002280 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-15 21:52 - 2017-03-01 20:29 - 00000000 ____D C:\Users\SamSwanson\Desktop\Computer fix
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeDev
2017-02-15 17:34 - 2017-02-15 17:34 - 00000000 ____D C:\Program Files (x86)\HomeDev
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-02-15 17:26 - 2017-02-15 17:26 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Toshiba Corporation
2017-02-15 17:05 - 2017-02-15 17:05 - 00000000 ____D C:\ProgramData\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toshiba Corporation
2017-02-15 17:04 - 2017-02-15 17:04 - 00000000 ____D C:\Program Files (x86)\Toshiba Corporation
2017-02-15 17:03 - 2017-02-15 17:04 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FreshDiagnose
2017-02-15 16:57 - 2017-02-15 16:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\JxBrowser
2017-02-13 16:16 - 2017-02-13 16:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-13 14:56 - 2017-02-13 16:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-13 14:26 - 2017-02-13 14:26 - 00100984 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142617.gnucash
2017-02-13 14:24 - 2017-02-13 14:24 - 00100834 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash.20170213142442.gnucash
2017-02-13 00:03 - 2017-02-13 00:03 - 00000000 ____D C:\ProgramData\Sophos
2017-02-13 00:00 - 2017-02-13 00:00 - 04656523 _____ C:\Users\SamSwanson\Downloads\tdsskiller.zip
2017-02-13 00:00 - 2017-02-13 00:00 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\55447846.sys
2017-02-12 18:19 - 2017-02-12 18:19 - 00014856 ____N C:\bootsqm.dat
2017-02-11 16:08 - 2017-03-01 20:26 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-11 16:08 - 2017-03-01 20:26 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-11 16:08 - 2017-03-01 20:26 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-11 16:07 - 2017-02-11 16:07 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-11 16:07 - 2017-02-11 16:07 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iTunes
2017-02-11 16:04 - 2017-02-11 16:04 - 00000000 ____D C:\Program Files\iPod
2017-02-11 15:29 - 2017-03-01 20:29 - 00078596 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-11 15:29 - 2017-03-01 20:29 - 00034981 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-11 15:29 - 2017-02-11 15:29 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-10 22:40 - 2017-02-10 22:40 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Zemana
2017-02-10 22:39 - 2017-02-10 22:39 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-10 22:39 - 2017-02-10 22:39 - 00002398 _____ C:\WINDOWS\system32\.crusader
2017-02-10 22:27 - 2017-02-10 22:27 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-10 22:26 - 2017-02-10 22:39 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-10 20:18 - 2017-02-10 20:18 - 00134080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-10 20:17 - 2017-02-10 20:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 20:17 - 2016-12-16 01:33 - 00273696 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-10 20:17 - 2016-12-16 01:33 - 00266528 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-10 20:09 - 2017-02-10 20:17 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 28239928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 19008576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 14677272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11123936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 11019192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 09308896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 08990584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 03167288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 02715072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 01051584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00988608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00960568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00609216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00573120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-10 20:09 - 2017-02-10 20:11 - 00447800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-10 20:09 - 2017-01-20 17:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-10 20:02 - 2017-02-10 20:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Chromium
2017-02-10 20:02 - 2017-01-20 19:41 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-10 20:02 - 2017-01-20 19:41 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-10 20:01 - 2017-03-01 19:33 - 00002918 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-03-01 19:33 - 00003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-03-01 19:33 - 00003016 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-03-01 19:33 - 00002898 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-03-01 19:33 - 00002846 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-03-01 19:33 - 00002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-10 19:59 - 2017-01-26 09:15 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-10 19:58 - 2017-02-10 20:01 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-10 19:58 - 2017-02-10 19:59 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-10 19:58 - 2017-02-10 19:59 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-10 13:29 - 2017-02-20 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 10:43 - 2017-02-10 20:15 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-08 10:08 - 2017-02-28 15:41 - 00002590 _____ C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-02-08 10:08 - 2017-02-28 15:41 - 00002582 _____ C:\Users\SamSwanson\Desktop\Google Chrome Canary.lnk
2017-01-31 00:10 - 2017-02-16 13:28 - 00000000 ____D C:\Users\SamSwanson\AppData\LocalLow\Mozilla

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-01 20:27 - 2012-12-23 13:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Ditto
2017-03-01 20:26 - 2016-08-11 19:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-01 20:26 - 2016-07-16 07:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-03-01 20:26 - 2014-06-15 15:30 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 20:26 - 2012-12-26 18:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-01 20:02 - 2013-07-28 08:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-01 19:59 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-01 19:59 - 2012-12-23 13:51 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-01 19:45 - 2016-08-11 19:50 - 00003468 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2017-03-01 19:45 - 2016-08-11 19:50 - 00002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-03-01 19:44 - 2016-08-11 19:50 - 00002144 _____ C:\WINDOWS\System32\Tasks\open effects
2017-03-01 19:41 - 2016-08-11 19:48 - 00832116 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-01 19:41 - 2014-11-06 20:01 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-01 19:38 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-01 19:38 - 2016-06-05 17:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-01 19:38 - 2013-02-28 11:48 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\CrashDumps
2017-03-01 19:37 - 2017-01-12 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-01 19:37 - 2016-12-03 22:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-01 19:37 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-01 19:37 - 2012-12-23 12:23 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job
2017-03-01 19:37 - 2012-12-23 12:23 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job
2017-03-01 19:36 - 2012-12-24 01:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spotify
2017-03-01 19:33 - 2017-01-27 09:59 - 00002832 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-01 19:33 - 2017-01-12 17:52 - 00003104 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-01 19:33 - 2016-12-26 18:15 - 00002610 _____ C:\WINDOWS\System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA}
2017-03-01 19:33 - 2016-12-03 22:13 - 00003410 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-01 19:33 - 2016-08-15 15:00 - 00002894 _____ C:\WINDOWS\System32\Tasks\Patch My PC
2017-03-01 19:33 - 2016-08-11 19:50 - 00003622 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a
2017-03-01 19:33 - 2016-08-11 19:50 - 00003552 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA
2017-03-01 19:33 - 2016-08-11 19:50 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-01 19:33 - 2016-08-11 19:50 - 00003354 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085
2017-03-01 19:33 - 2016-08-11 19:50 - 00003280 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core
2017-03-01 19:33 - 2016-08-11 19:50 - 00003180 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-01 19:33 - 2016-08-11 19:50 - 00003154 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d
2017-03-01 19:33 - 2016-08-11 19:50 - 00003102 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-03-01 19:33 - 2016-08-11 19:50 - 00002920 _____ C:\WINDOWS\System32\Tasks\20160623_163758_Restore 12 0
2017-03-01 19:33 - 2016-08-11 19:50 - 00002920 _____ C:\WINDOWS\System32\Tasks\20160618_170750_Restore 12 0
2017-03-01 19:33 - 2016-08-11 19:50 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3236326594-2611474830-2656184370-1001
2017-03-01 19:33 - 2016-08-11 19:50 - 00002788 _____ C:\WINDOWS\System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon
2017-03-01 19:33 - 2016-08-11 19:50 - 00002740 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2017-03-01 19:33 - 2016-08-11 19:50 - 00002398 _____ C:\WINDOWS\System32\Tasks\Process Lasso Core Engine Only
2017-03-01 19:33 - 2015-07-24 10:55 - 00000000 ____D C:\ProgramData\WRData
2017-03-01 19:20 - 2016-08-11 19:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-01 18:23 - 2012-12-23 12:27 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Spotify
2017-03-01 18:04 - 2016-02-27 01:27 - 00000000 ____D C:\AdwCleaner
2017-03-01 15:42 - 2016-06-13 10:39 - 00000096 _____ C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2017-03-01 15:42 - 2014-01-22 13:15 - 00000128 _____ C:\ProgramData\autobk.inc
2017-03-01 15:42 - 2012-12-27 05:17 - 00000000 ____D C:\ProgramData\ValhallaRoom
2017-03-01 13:58 - 2013-05-04 00:13 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA
2017-03-01 13:58 - 2012-10-14 18:47 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX
2017-03-01 13:56 - 2012-12-24 01:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\vlc
2017-03-01 13:53 - 2016-11-23 15:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-01 13:43 - 2012-12-23 10:57 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Packages
2017-03-01 10:32 - 2016-02-15 14:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-01 10:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\tracing
2017-03-01 00:07 - 2016-01-11 10:36 - 00000000 ____D C:\Users\Public\Documents\ExponentialAudioLogs
2017-02-27 18:03 - 2016-06-29 15:03 - 00143248 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2017-02-26 20:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 14:58 - 2012-12-23 13:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\REAPER
2017-02-25 14:03 - 2016-08-12 14:55 - 00000051 _____ C:\Users\SamSwanson\deletedRoute.txt
2017-02-25 14:03 - 2016-08-12 14:54 - 00009424 _____ C:\Users\SamSwanson\AnonVPN.ovpn
2017-02-25 10:26 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 19:51 - 2015-02-14 01:28 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Mp3tag
2017-02-24 18:40 - 2016-08-31 16:31 - 00000000 ____D C:\Program Files\Handbrake
2017-02-24 18:40 - 2014-08-03 21:04 - 00000000 ____D C:\Program Files (x86)\KDNicheFinder
2017-02-24 17:06 - 2012-12-23 13:18 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-02-24 16:58 - 2013-02-17 13:21 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\FileZilla
2017-02-24 11:36 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\iZotope
2017-02-23 00:26 - 2016-12-14 23:19 - 00000000 ____D C:\Users\SamSwanson\Desktop\Travel Plans
2017-02-22 17:26 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Dashlane
2017-02-22 17:25 - 2014-03-07 00:23 - 00002013 _____ C:\Users\SamSwanson\Desktop\Dashlane.lnk
2017-02-22 17:25 - 2012-12-23 12:51 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 01:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 00:10 - 2013-01-09 06:42 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Nitro PDF
2017-02-21 17:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 16:44 - 2016-12-03 21:06 - 00000000 ____D C:\Program Files\CCleaner
2017-02-21 16:09 - 2016-12-18 13:41 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Electrum
2017-02-21 16:09 - 2015-12-02 13:37 - 03123997 _____ C:\Users\SamSwanson\Desktop\Money 4 Music.epub
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Joey Sturgis Tones
2017-02-21 15:32 - 2014-09-16 18:19 - 00000000 ____D C:\Program Files\Joey Sturgis Tones
2017-02-21 15:32 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-02-21 14:39 - 2016-06-13 17:53 - 00000000 ____D C:\QUARANTINE
2017-02-20 21:36 - 2016-08-11 19:38 - 00000000 ____D C:\Users\SamSwanson
2017-02-20 21:31 - 2012-12-23 10:57 - 00000000 ____D C:\WINDOWS\CSC
2017-02-20 21:29 - 2016-12-05 18:56 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-20 21:28 - 2016-08-11 19:35 - 04961528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-20 21:19 - 2016-03-30 16:21 - 00000000 ____D C:\Users\SamSwanson\Desktop\Social Media Course
2017-02-20 21:19 - 2014-06-07 09:57 - 00000000 ____D C:\Users\SamSwanson\mediahint
2017-02-20 21:19 - 2014-04-04 13:18 - 00000000 ____D C:\Users\SamSwanson\Desktop\Drumatom
2017-02-20 21:19 - 2013-08-05 18:07 - 00000000 ____D C:\Users\SamSwanson\Desktop\StudioPhotoShoot
2017-02-20 21:19 - 2013-02-21 13:15 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DisplayFusion
2017-02-20 21:19 - 2013-01-03 18:33 - 00000000 ____D C:\Users\SamSwanson\Documents\TAX
2017-02-20 21:17 - 2012-12-23 11:50 - 06096688 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-20 20:33 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2017-02-20 20:25 - 2016-08-15 15:04 - 00000000 ____D C:\Program Files\Calibre2
2017-02-20 20:24 - 2012-12-23 12:25 - 00000000 ____D C:\Program Files\Java
2017-02-20 20:21 - 2016-08-15 14:52 - 00605984 _____ (www.patchmypc.net) C:\Users\SamSwanson\Desktop\PatchMyPC.exe
2017-02-20 17:51 - 2016-02-15 14:24 - 00007602 _____ C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2017-02-19 17:20 - 2016-04-21 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-19 14:24 - 2015-07-15 20:46 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\DDMF Effect Rack
2017-02-19 11:52 - 2014-08-24 11:43 - 00000000 ____D C:\Program Files (x86)\Media Gobbler, Inc
2017-02-19 11:52 - 2013-06-05 10:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-19 11:52 - 2012-12-23 13:38 - 00000000 ____D C:\ProgramData\Gobbler
2017-02-18 21:47 - 2013-02-17 14:33 - 00000000 ____D C:\ProgramData\ValhallaUberMod
2017-02-16 17:07 - 2014-02-10 03:09 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Spectrasonics
2017-02-16 11:45 - 2016-11-23 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)
2017-02-16 00:59 - 2016-08-12 14:54 - 00001150 _____ C:\Users\SamSwanson\Desktop\AnonVPN.lnk
2017-02-16 00:59 - 2016-08-12 14:54 - 00000000 ____D C:\Program Files (x86)\AnonVPN
2017-02-15 22:06 - 2015-01-11 23:36 - 00007710 _____ C:\WINDOWS\system32\--traceoff
2017-02-15 22:04 - 2012-12-27 22:58 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2017-02-15 22:03 - 2014-09-13 15:35 - 00000000 ____D C:\Program Files\iZotope
2017-02-15 22:03 - 2012-12-25 00:35 - 00000000 ____D C:\Users\SamSwanson\Documents\iZotope
2017-02-15 22:03 - 2012-12-25 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2017-02-15 22:03 - 2012-12-25 00:29 - 00000000 ____D C:\Program Files (x86)\iZotope
2017-02-15 22:03 - 2012-12-24 06:19 - 00000000 ____D C:\Program Files\VSTPlugIns
2017-02-15 22:02 - 2012-12-23 13:11 - 00000000 ____D C:\Program Files (x86)\Growl for Windows
2017-02-15 22:01 - 2014-02-12 13:01 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2017-02-15 22:01 - 2012-12-24 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-15 22:00 - 2013-09-12 14:56 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Citrix
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-02-15 22:00 - 2013-05-24 22:11 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Copy
2017-02-15 21:59 - 2013-05-26 16:02 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-02-15 18:43 - 2013-06-20 07:57 - 01418640 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-02-15 16:50 - 2013-07-14 23:12 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-02-13 15:55 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconfd
2017-02-13 15:41 - 2013-01-20 16:48 - 00000000 ____D C:\Users\SamSwanson\.gconf
2017-02-13 15:14 - 2015-06-13 09:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-13 14:26 - 2016-06-13 13:37 - 00100965 _____ C:\Users\SamSwanson\Documents\VME Accounts Gnucash.gnucash
2017-02-12 00:07 - 2013-03-09 22:52 - 00000132 _____ C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-02-11 16:12 - 2012-12-23 13:01 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Skype
2017-02-11 16:07 - 2016-06-05 17:05 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\TeamViewer
2017-02-11 16:07 - 2014-06-15 15:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-02-11 16:07 - 2012-12-26 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-11 16:06 - 2016-08-15 15:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-11 16:06 - 2012-12-23 12:27 - 00000000 ____D C:\ProgramData\Skype
2017-02-11 16:04 - 2013-07-10 17:57 - 00000000 ____D C:\Program Files\Process Lasso
2017-02-11 16:04 - 2012-12-23 12:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-11 16:00 - 2016-08-15 14:58 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-11 16:00 - 2016-08-15 14:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 16:00 - 2013-02-21 13:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 12:25 - 2014-01-12 15:06 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA Corporation
2017-02-10 22:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-10 22:39 - 2015-06-24 20:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\mgyun
2017-02-10 20:20 - 2013-03-14 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 20:20 - 2012-12-23 12:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 20:17 - 2016-12-16 01:33 - 00111392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2016-12-16 01:32 - 00125728 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe
2017-02-10 20:17 - 2015-12-01 17:32 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 20:17 - 2015-12-01 17:32 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 20:12 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 20:11 - 2016-08-11 20:08 - 34974656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 04079032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 20:11 - 2016-08-11 20:08 - 03597640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 20:11 - 2016-07-16 15:29 - 00420408 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-10 20:11 - 2012-12-23 12:43 - 00514616 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-10 20:01 - 2013-07-05 05:36 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\NVIDIA
2017-02-10 20:01 - 2012-12-23 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 18:50 - 2013-09-17 09:45 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Smart PC Solutions
2017-02-10 18:50 - 2013-02-23 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Solutions
2017-02-10 13:34 - 2016-11-22 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-09 15:39 - 2015-12-20 01:44 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\boost_interprocess
2017-02-09 15:39 - 2012-12-24 02:10 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Celemony Software GmbH
2017-02-08 23:41 - 2012-12-24 06:23 - 00000000 ____D C:\ProgramData\Slate Digital
2017-02-08 19:27 - 2016-03-02 16:15 - 00001919 _____ C:\Users\Public\Documents\Lurssen TimeLimitReadExpiration.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000292 _____ C:\Users\Public\Documents\Lurssen TimeLimitGenerateLockNames Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000095 _____ C:\Users\Public\Documents\Lorssen Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000069 _____ C:\Users\Public\Documents\Lurssen CopyProt Log.txt
2017-02-08 19:27 - 2016-03-02 16:15 - 00000008 _____ C:\Users\Public\Documents\Lurssen TimeLimitWriteOneProductSettings.txt
2017-02-08 10:42 - 2017-01-04 15:19 - 01964600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437653.dll
2017-02-08 10:42 - 2017-01-04 15:19 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437653.dll
2017-02-07 17:49 - 2013-06-27 14:37 - 00005632 _____ C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 20:48 - 2014-08-27 13:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 20:31 - 2013-05-26 16:03 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Audacity
2017-02-03 11:38 - 2015-06-30 19:18 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\ssd_sampler
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-02-02 16:48 - 2012-12-22 22:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2017-02-02 16:47 - 2012-12-22 22:14 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\AVS4YOU
2017-02-02 16:46 - 2012-12-22 22:13 - 00000000 ____D C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU

==================== Files in the root of some directories =======

2013-01-09 05:51 - 2012-10-02 21:03 - 2712200 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2016-10-29 19:23 - 2016-10-29 19:23 - 2722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2016-10-29 19:23 - 2016-10-29 19:23 - 0056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2013-07-29 18:50 - 2013-07-29 18:50 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-06-11 13:27 - 2015-08-13 11:46 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-03-09 22:52 - 2017-02-12 00:07 - 0000132 _____ () C:\Users\SamSwanson\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-02-12 22:10 - 2014-02-12 22:10 - 0000005 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_496F4C99-60AD-5b9e-AC1B-FA060E643C04.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_F4F01109-C336-401f-BDE4-7C1926744104.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FAB01109-C336-401f-BDE4-AB1926744111.dll
2014-01-26 19:56 - 2014-01-26 19:56 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545103.dll
2016-06-13 10:39 - 2017-03-01 15:42 - 0000096 _____ () C:\Users\SamSwanson\AppData\Roaming\msregsvv.dll
2016-04-24 21:15 - 2016-06-09 10:20 - 0033783 _____ () C:\Users\SamSwanson\AppData\Roaming\net.telestream.wirecast.xml
2013-06-27 14:37 - 2017-02-07 17:49 - 0005632 _____ () C:\Users\SamSwanson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-17 14:25 - 2015-03-17 14:25 - 0000600 _____ () C:\Users\SamSwanson\AppData\Local\PUTTY.RND
2016-06-15 14:58 - 2016-06-15 14:58 - 0000218 _____ () C:\Users\SamSwanson\AppData\Local\recently-used.xbel
2016-02-15 14:24 - 2017-02-20 17:51 - 0007602 _____ () C:\Users\SamSwanson\AppData\Local\Resmon.ResmonCfg
2014-01-22 13:15 - 2017-03-01 15:42 - 0000128 _____ () C:\ProgramData\autobk.inc
2016-08-11 19:35 - 2016-08-11 19:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-01-22 11:21 - 2014-01-22 11:21 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-01-22 02:03 - 2014-01-22 02:04 - 0000454 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-03 11:42 - 2017-01-03 10:19 - 0000253 _____ () C:\ProgramData\SoundToys_Problem_Log.txt

Some files in TEMP:
====================
2017-03-01 10:32 - 2016-12-09 12:17 - 1886344 _____ (Microsoft Corporation) C:\Users\SamSwanson\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-21 11:10

==================== End of FRST.txt ============================



Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by SamSwanson (01-03-2017 20:30:13)
Running from C:\Users\SamSwanson\Desktop\Computer fix
Windows 10 Pro Version 1607 (X64) (2016-08-11 18:53:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3236326594-2611474830-2656184370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3236326594-2611474830-2656184370-503 - Limited - Disabled)
Guest (S-1-5-21-3236326594-2611474830-2656184370-501 - Limited - Disabled)
SamSwanson (S-1-5-21-3236326594-2611474830-2656184370-1001 - Administrator - Enabled) => C:\Users\SamSwanson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

+10db version 1.0.4 (HKLM\...\+10db_is1) (Version: 1.0.4 - Boz Digital Labs)
112dB Big Blue Compressor 1.0.3-r3719 (HKLM\...\112dB Big Blue Compressor 1.0.3-r3719) (Version: 1.0.3-r3719 - 112dB)
112dB Big Blue Limiter 1.1.3-r3719 (HKLM\...\112dB Big Blue Limiter 1.1.3-r3719) (Version: 1.1.3-r3719 - 112dB)
112dB Redline Equalizer 1.0.5-r3719 (HKLM\...\112dB Redline Equalizer 1.0.5-r3719) (Version: 1.0.5-r3719 - 112dB)
112dB Redline Reverb 1.0.10-r3810 (HKLM\...\112dB Redline Reverb 1.0.10-r3810) (Version: 1.0.10-r3810 - 112dB)
2C-Audio Aether (HKLM-x32\...\Aether) (Version: - )
2C-Audio Breeze (HKLM-x32\...\Breeze) (Version: - 2C-Audio)
6030 Ultimate Comp Native (HKLM-x32\...\{96B75FC3-D48A-4F8B-8BC7-5C2728797E4E}) (Version: 6.0.9 - McDSP)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
AATranslator (HKLM-x32\...\{7400C259-1F2E-4FF2-9037-860BF239F39D}) (Version: 4.0.0.2 - Suite Spot Studios)
Abbeyroadplugins EMI Brilliance Pack VST RTAS v1.0.6 (HKLM-x32\...\Abbeyroadplugins EMI Brilliance Pack VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI RS 124 Compressor VST RTAS v1.0.1 (HKLM-x32\...\Abbeyroadplugins EMI RS 124 Compressor_is1) (Version: - )
Abbeyroadplugins EMI TG 12413 Limiter VST RTAS v2.0.1 (HKLM-x32\...\Abbeyroadplugins EMI TG 12413 Limiter VST RTAS_is1) (Version: - )
Abbeyroadplugins EMI TG Mastering Pack VST RTAS v1.0.2 (HKLM-x32\...\Abbeyroadplugins EMI TG Mastering Pack VST RTAS_is1) (Version: - )
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Acronis True Image (HKLM-x32\...\{E5F28743-0DB5-42C1-8B70-5986D88C0BE0}Visible) (Version: 19.0.6581 - Acronis)
Acronis True Image (x32 Version: 19.0.6581 - Acronis) Hidden
acustica AcquaVox (HKLM-x32\...\AcquaVox) (Version: - )
Acustica Audio D361A (HKLM-x32\...\D361A Win x64) (Version: 1.3.609.0 - Acustica Audio)
Acustica Audio EQP1 (HKLM-x32\...\EQP1 Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio NEO (HKLM-x32\...\NEO Win x64) (Version: 1.3.606.0 - Acustica Audio)
Acustica Audio REDEQ (HKLM-x32\...\REDEQ Win x64) (Version: 1.3.760.0 - Acustica Audio)
Acustica Audio TAN (HKLM-x32\...\TAN Win x64) (Version: 1.4.072.0 - Acustica Audio)
Acustica Audio TITANIUM3B (HKLM-x32\...\TITANIUM3B Win x64) (Version: 1.3.827.0 - Acustica Audio)
Acustica Audio TRINITYEQ (HKLM-x32\...\TRINITYEQ Win x64) (Version: 1.3.687.0 - Acustica Audio)
AcusticaAudio Nebula3 (HKLM-x32\...\Nebula3) (Version: - )
Adobe After Effects CS4 (HKLM-x32\...\Adobe_3dcb365ab9e01871fb8c6f27b0ea079) (Version: 9 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.02 - ASUSTeK Computer Inc.)
Altiverb 7 Uninstaller (HKLM\...\{367662CA-394A-4095-9549-973FC3807B9B}_is1) (Version: 7.2 - Audio Ease BV)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Amazon Kindle) (Version: - Amazon)
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.3 - IK Multimedia)
AmpliTube 3 version 3.11.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.11.0 - IK Multimedia)
AmpliTube 4 version 4.0.1 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.1 - IK Multimedia)
AnonVPN 1.0.5.5 (HKLM-x32\...\AnonVPN) (Version: 1.0.5.5 - AnonVPN.io)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares AVOX Evo VST RTAS v3.0.2 (HKLM-x32\...\Antares AVOX Evo VST RTAS_is1) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ARC System 2 version 2.1.0 (HKLM\...\{4952A610-D484-4F6A-B1B4-33797CFDB821}_is1) (Version: 2.1.0 - IK Multimedia)
ArcSoft Portrait+ 3 (HKLM-x32\...\{40BB5B1A-6008-4348-8C24-116B654C7ECD}) (Version: 3.0.0.401 - ArcSoft)
ARIA Engine v1.8.4.8 (HKLM\...\ARIA Engine_is1) (Version: v1.8.4.8 - Plogue Art et Technologie, Inc)
Articulate Storyline (x32 Version: 1.02.02 - Articulate) Hidden
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version: - VB-Audio Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Assassin's Creed(R) III v1.03 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.03 - Ubisoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
atomiccleaner3 version 1.3.4.1 (HKLM-x32\...\{0D6AB211-A181-4F42-AEB4-127C40BF67EF}_is1) (Version: 1.3.4.1 - atomicware)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version: - )
AudioEase Speakersphone VST RTAS v1.03 (HKLM-x32\...\AudioEase Speakersphone VST RTAS_is1) (Version: - Audio Ease)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{01C898E1-38A7-49B1-9398-49E40636E2C5}) (Version: 9.0 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.10 - Avid Technology, Inc.)
Avid Mbox Driver 1.1.10 (x64) (HKLM\...\{35BAD2B7-E2EF-4A06-80A2-C6C2F23B8F3E}) (Version: 1.1.10 - Avid)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.10 - Avid Technology, Inc.)
AVOX Evo VST (HKLM-x32\...\{65AA5B18-A330-4F35-BCDF-EA85EC888906}) (Version: 3.0.0 - Antares Audio Technologies)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.0.5.510 - Online Media Technologies Ltd.)
Black Rooster Audio Plugin Pack (HKLM\...\Black Rooster Audio Plugin Pack_is1) (Version: - Black Rooster Audio)
BWF MetaEdit 1.3.0 (HKLM\...\BWF MetaEdit) (Version: 1.3.0 - FADGI)
calibre 64bit (HKLM\...\{82EA8033-0AE6-4C1A-91B6-D24BED49AB73}) (Version: 2.79.1 - Kovid Goyal)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Carbonite (HKLM-x32\...\{C7D98EFB-A351-4098-B474-1A5B362DB648}) (Version: 6.2.2 build 6819 (Jan-25-2017) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CDSoundMaster NICE-EQ-VST-TUBE-FREE (HKLM-x32\...\NICE-EQ-VST-TUBE-FREE) (Version: - )
CDSoundMaster N-TEN-AT4-Bell-Free-64 (HKLM-x32\...\N-TEN-AT4-Bell-Free-64) (Version: - )
CDS-VTC-FREE-PC-VST-64-BIT THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT (HKLM-x32\...\THE-VINTAGE-TUBE-COLLECTION-FREE-PC-VST-64-BIT) (Version: - )
Celemony Melodyne Studio 4 (HKLM-x32\...\Celemony Melodyne Studio 4) (Version: 4.0.4.004 - Celemony)
COMODO Internet Security (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 6.0.64131.2674 - COMODO Security Solutions Inc.)
CP Control (HKLM-x32\...\CP Control) (Version: - )
CrystalDiskInfo 7.0.5 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
D16 Group Repeater (HKLM\...\Repeater_is1) (Version: 1.0.0 - D16 Group)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dashlane) (Version: 4.6.7.25343 - Dashlane SAS)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Diamond Cut Forensics8 (HKLM-x32\...\{38C8BBB6-716E-4486-A386-C8D3242959C5}) (Version: 8.10 - Diamond Cut Productions)
DisplayFusion 5.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 5.0.0.0 - Binary Fortress Software)
Ditto (HKLM-x32\...\Ditto_is1) (Version: - Scott Brogden)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
DMG Audio Track Range (HKLM\...\Track Range_is1) (Version: 1.0.0 - DMG Audio)
DMGAudio EQuilibrium 1.04 (HKLM-x32\...\DMGAudio EQuilibrium_is1) (Version: - DMGAudio)
DMGAudio Essence 1.00 (HKLM-x32\...\DMGAudio Essence_is1) (Version: - DMGAudio)
DMGAudio Limitless 1.00 (HKLM-x32\...\DMGAudio Limitless_is1) (Version: - DMGAudio)
DragonDisk 1.05 (HKLM-x32\...\{7914B94-1234-44D2-0864-0348EBF012AC}_is1) (Version: - Almageste)
Dropbox (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Dropbox) (Version: 2.10.46 - Dropbox, Inc.)
Drum Leveler version 1.0.0 (HKLM\...\{94B8FDA3-877B-4EB8-A3E9-5D476329F15D}_is1) (Version: 1.0.0 - Sound Radix)
East West Stormdrum Intakt (HKLM-x32\...\East West Stormdrum Intakt) (Version: - )
Easy Tune 6 B12.0912.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0912.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ElastikVst (HKLM-x32\...\{92F027CB-BDF9-4047-A654-13A050908158}) (Version: 1.00.0000 - ueberschall sample service GmbH)
ElastikVst (x32 Version: 1.00.0000 - ueberschall sample service GmbH) Hidden
Electrum (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Electrum) (Version: 2.7.12 - Electrum Technologies GmbH)
EmpressPlugins.Tremolo.VST.v1.0 (HKLM-x32\...\EmpressPlugins Tremolo_is1) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Flux) (Version: - )
FabFilter Pro-C 2.00 (64-bit) (HKLM-x32\...\FabFilter Pro-C 2.00 (64-bit)) (Version: - )
FG-X (HKLM\...\Slate Digital FG-X_is1) (Version: - Slate Digital)
FG-X Virtual Mastering Console (HKLM\...\FG-X Virtual Mastering Console_is1) (Version: - Slate Digital)
Fidelify (HKLM-x32\...\Fidelify) (Version: - )
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: - LopeSoft - Rubén López Hernández)
FileZilla Client 3.24.0 (HKLM-x32\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Flux Full Pack 2.2 (HKLM\...\Full Pack 2.2_is1) (Version: 3.5.25.44238 - Flux)
Flux Junger Audio Level Magic 5.1 (HKLM-x32\...\Flux Junger Audio Level Magic 5.1) (Version: 3.4.6 - Flux)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 3.2 - ArcticLine Software)
Genwaveaudio Genwave EQ VST v1.0 (HKLM-x32\...\Genwaveaudio Genwave EQ VST_is1) (Version: - )
GIZMO (HKLM-x32\...\{D0529F5A-C45C-40C0-8457-6A5AF24ABC6E}) (Version: 3.21.4000 - ants Inc.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
Gobbler (HKLM-x32\...\{C7CE54DC-7AD2-48A8-BB2E-F7C6A8E40BB5}) (Version: 0.21.75.0 - Media Gobbler, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Google Chrome SxS) (Version: 58.0.3026.0 - Google Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.31.0.6291 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\GoToMeeting) (Version: 7.31.0.6291 - CitrixOnline)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Head Crusher version 1.6 (HKLM\...\Head Crusher_is1) (Version: 1.6 - )
Helium Audio Converter (build 461) (HKLM-x32\...\{8CF3206B-6330-42D6-B35E-CA7098337CB8}_is1) (Version: 2.0.0.461 - Imploded Software)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
HoRNet AutoGain Pro MK2 (HKLM\...\AutoGain Pro MK2_is1) (Version: 2.0.1 - HoRNet)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
iLok Client Helper (HKLM-x32\...\InstallShield_{DEA491FB-48BC-4B6B-8902-FCD4BAB069BE}) (Version: 5.9.7 - PACE Anti-Piracy, Inc.)
iLok Client Helper (x32 Version: 5.9.7 - PACE Anti-Piracy, Inc.) Hidden
Imperial Delay version 1.5.8 (HKLM\...\Imperial Delay_is1) (Version: 1.5.8 - )
Intel Extreme Tuning Utility (HKLM-x32\...\{7360EE49-7004-4626-A85A-CC48C2D63700}) (Version: 3.2.0.24 - Intel Corporation)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{7858618B-FA45-4797-988D-4E8B793C3B88}) (Version: 17.0.109 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}) (Version: 17.0.109 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Network Connections 18.6.110.0 (HKLM\...\PROSetDX) (Version: 18.6.110.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{DE788AD4-F7CE-4995-ADF8-56174A7B613C}) (Version: 3.0.41.1571 - Intel)
Intel(R) Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.4.1942 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
ISL (HKLM\...\ISL_is1) (Version: - NUGEN Audio)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
IVGI version 1.0.0 (HKLM\...\IVGI_is1) (Version: 1.0.0 - )
Ivideon Server (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Ivideon Server) (Version: 3.5.6.1213 - Ivideon)
iZotope BreakTweaker (HKLM-x32\...\iZotope BreakTweaker_is1) (Version: 1.00 - iZotope, Inc.)
iZotope BreakTweaker Factory Content (HKLM-x32\...\iZotope BreakTweaker Factory Content_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.00 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Ozone 6 Advanced (HKLM-x32\...\iZotope Ozone 6 Advanced_is1) (Version: 6.00 - iZotope, Inc.)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.01 - iZotope, Inc.)
iZotope Trash 2 (HKLM-x32\...\iZotope Trash 2_is1) (Version: 2.00 - iZotope, Inc.)
iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
iZotope VocalSynth (HKLM-x32\...\VocalSynth 1.0) (Version: 1.0 - iZotope, Inc.)
Jack (HKLM-x32\...\Jack) (Version: - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kazrog LLC Recabinet 3 VST RTAS v3.1.0 (HKLM\...\Kazrog LLC Recabinet 3_is1) (Version: - )
KD Niche Finder (HKLM-x32\...\KD Niche Finder1.0.0.2) (Version: 1.0.0.2 - AppBreed Software of InnAnTech Industries Inc.)
KDPublishingPro (HKLM-x32\...\{067A07C1-7A31-4881-B53D-DF4CBB865112}) (Version: 1.4.12 - KDPublishingPro.com)
KDPublishingPro (HKLM-x32\...\{215E8D21-F375-4D03-A31F-79CBE44FFB4A}) (Version: 1.2.8 - KDPublishingPro.com)
KDSubmitterPro (HKLM-x32\...\{E1817648-6DF6-400F-BD1B-B5D9E9BD745D}) (Version: 1.0.0 - KDSubmitterPro.com)
Kindle DRM Removal (HKLM-x32\...\KindleDRMRemoval) (Version: 1.4.1 - eBook Converter)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - )
K-Lite Codec Pack 9.6.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Kush Audio Clariphonic v1.0 (HKLM\...\Clariphonic_is1) (Version: - Kush Audio)
Lexicon PSP 42 64bit (HKLM\...\Lexicon PSP 42 64bit) (Version: 1.6.2 64bit - PSPaudioware.com)
Liquid Notes version 1.5.2.1 (HKLM\...\{5AC1D63D-6772-417E-B7B8-1E5F686D9703}_is1) (Version: 1.5.2.1 - Re-Compose)
Litecoin (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
Litecoin Core (64-bit) (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Litecoin Core (64-bit)) (Version: 0.10.4.0 - Litecoin Core project)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LoopBe30 - Internal MIDI Ports (HKLM-x32\...\LoopBe30) (Version: - )
Lurssen Mastering Console version 1.0.0 (HKLM\...\{9F525466-89DA-4B7B-BD8C-BBFDC4432DFB}_is1) (Version: 1.0.0 - IK Multimedia)
M30 Reverb (HKLM-x32\...\M30 Reverb) (Version: 1.0.0.1 - TC Electronic)
MacDrive 9 Pro (HKLM\...\{C1521748-8700-4CA0-92F1-46CE26DEDC7D}) (Version: 9.0.4.21 - Mediafour Corporation)
Magic AB VST-x64 1.2.2 (HKLM\...\{6893EEE5-B48F-47a9-81DC-CD54E7767B35}) (Version: 1.2.2 - Sample Magic)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manic Compressor version 1.0.3 (HKLM\...\Manic Compressor_is1) (Version: 1.0.3 - )
Market Samurai (HKLM-x32\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.92.51 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.92.51 - Alliance Software Pty Ltd) Hidden
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1027 - Marvell)
Massey VST Demos (Remove only) (HKLM-x32\...\Massey VST Demos) (Version: - )
MathewLane DrMS Spatial Processor VST RTAS v3.2 (HKLM-x32\...\MathewLane DrMS Spatial Processor_is1) (Version: - )
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.0.3.1000 - Maxthon International Limited)
McGill English Dictionary of Rhyme & Verse Perfect 2.0 (HKLM-x32\...\McGill English Dictionary of Rhyme with VersePer~286A7AE6_is1) (Version: - Bryant McGill / McGill International)
MeldaProduction Audio Plugins 10 (HKLM-x32\...\MeldaProduction Audio Plugins 10) (Version: - MeldaProduction)
MeldaProduction MTotalBundle64 8 (HKLM-x32\...\MeldaProduction MTotalBundle64 8) (Version: - MeldaProduction)
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 (x32 Version: 3.2.0202 - Celemony Software GmbH) Hidden
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Mic Mod EFX VST (HKLM-x32\...\{A77728D4-DF6E-42A9-926C-5164BBF1EA72}) (Version: 1.0.4 - Antares Audio Technologies)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
MJUC version 1.0.1 (HKLM\...\MJUC_is1) (Version: 1.0.1 - )
MJUCjr version 1.0.0 (HKLM\...\MJUCjr_is1) (Version: 1.0.0 - )
Mobile Hotspot Admin (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
Monofilter v4.0 (HKLM\...\Monofilter4_is1) (Version: - NUGEN Audio)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Nalpeiron Service Update to 6.3.9.2 (x32 Version: 7.3.1 - Nalpeiron) Hidden
Native Instruments Abbey Road 50s Drummer (HKLM-x32\...\Native Instruments Abbey Road 50s Drummer) (Version: 1.2.0.10 - Native Instruments)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version: - Native Instruments)
Native Instruments Alicias Keys 1.2 (HKLM-x32\...\Native Instruments Alicias Keys 1.2) (Version: - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.5.254 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: - Native Instruments)
Native Instruments Elektrik Piano 1.5 (HKLM-x32\...\Native Instruments Elektrik Piano 1.5) (Version: - )
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.0.0.31 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
Native Instruments Session Horns Pro (HKLM-x32\...\Native Instruments Session Horns Pro) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Symphony Series Brass Solo (HKLM-x32\...\Native Instruments Symphony Series Brass Solo) (Version: 1.1.0.19 - Native Instruments)
Native Instruments Symphony Series String Ensemble (HKLM-x32\...\Native Instruments Symphony Series String Ensemble) (Version: 1.1.0.7 - Native Instruments)
Native Instruments Symphony Series Woodwind Solo (HKLM-x32\...\Native Instruments Symphony Series Woodwind Solo) (Version: 1.0.0.11 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: 1.2.0.7 - Native Instruments)
Native Instruments The Grandeur (HKLM-x32\...\Native Instruments The Grandeur) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments)
nebula3 CM (HKLM-x32\...\{5354D5F2-342D-43DD-A361-B65BF7AABE1D}) (Version: 1.2.837 - Acusticaaudio)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Neutron Advanced (HKLM-x32\...\Neutron Advanced 1.0) (Version: 1.0 - iZotope, Inc.)
NF VST 64-bit Installer (HKLM-x32\...\NF VST 64-bit Installer1.0.3) (Version: 1.0.3 - Nomad Factory)
Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Output Movement (HKLM-x32\...\Output Movement) (Version: 1.0.3 - Output)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.2.1.0324 - PACE Anti-Piracy, Inc.) Hidden
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version: - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pi version 1.0.11 (HKLM\...\{CFA5721A-9AA1-4D77-BBC2-78E40216FDAB}_is1) (Version: 1.0.11 - Sound Radix)
PITCHMAP VST-x64 1.6.1 (HKLM\...\{F9754DD6-985B-4e93-A96B-837EE5415F61}) (Version: 1.6.1 - Zynaptiq)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Plogue chipsounds v1.848 (HKLM\...\__ARIA_1009___is1) (Version: v1.848 - Plogue)
Plogue chipspeech v1.016 (HKLM\...\__ARIA_1017___is1) (Version: v1.016 - Plogue)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Primo Ramdisk Server Edition 5.6.0 (HKLM\...\{94B97E1E-9B67-4012-A126-6319E211A298}_is1) (Version: 5.6.0 - Romex Software)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 8.9.8.94 - Bitsum)
PSP 2Meters 64bit (HKLM-x32\...\PSP 2Meters 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP 608 MultiDelay 64bit (HKLM\...\PSP 608 MultiDelay 64bit) (Version: 1.6.1 64bit - PSPaudioware.com)
PSP 85 64bit (HKLM-x32\...\PSP 85 64bit) (Version: 1.1.0 64bit - PSPaudioware.com)
PSP BussPressor 64bit (HKLM\...\PSP BussPressor 64bit) (Version: 1.0.3 64bit - PSPaudioware.com)
PSP Echo 64bit (HKLM\...\PSP Echo 64bit) (Version: 1.0.1 64bit - PSPaudioware.com)
PSP MasterComp 1.7.1 64bit (HKLM-x32\...\PSP MasterComp 1.7.1 64bit) (Version: 1.7.1 64bit - PSPaudioware.com)
PSP McQ 64bit (HKLM-x32\...\PSP McQ 64bit) (Version: 1.8.0 64bit - PSPaudioware.com)
PSP Neon 64bit (HKLM\...\PSP Neon 64bit) (Version: 2.0.3 64bit - PSPaudioware.com)
PSP NobleQ 64bit (HKLM\...\PSP NobleQ 64bit) (Version: 1.7.0 64bit - PSPaudioware.com)
PSP oldTimer 64bit (HKLM\...\PSP oldTimer 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP PianoVerb2 64bit (HKLM-x32\...\PSP PianoVerb2 64bit) (Version: 2.0.0 64bit - PSPaudioware.com)
PSP SpringBox 64bit (HKLM-x32\...\PSP SpringBox 64bit) (Version: 1.0.0 64bit - PSPaudioware.com)
PSP Xenon 1.3.0 64bit (HKLM-x32\...\PSP Xenon 1.3.0 64bit) (Version: 1.3.0 64bit - PSPaudioware.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.3.0 (64-bit) (HKLM\...\{290329c4-a276-3aec-b633-9f5a39d8dd96}) (Version: 3.3.150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rank Tracker (HKLM-x32\...\seopowersuite) (Version: - )
Rapid SEO Tool 1.3 (HKLM-x32\...\Rapid SEO Tool_is1) (Version: 1.3 - Karlis Blumentals)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Reference 3 VST plugin (32-bit) 3 (HKLM-x32\...\{7627424F-7CB0-471B-AB55-A39F6995C4F0}) (Version: 3.2.11 - Sonarworks)
Reference 3 VST plugin (64-bit) 3 (HKLM\...\{510D6D02-214D-4264-A4FD-96DBD82ACFED}) (Version: 3.2.11 - Sonarworks)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - )
Relab LX480 Lite VST v1.0 (HKLM-x32\...\Relab LX480 Lite_is1) (Version: - )
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rhyme Genie (HKLM-x32\...\{E48A1AFC-5649-4CC2-B8E1-BD92022C4CC4}) (Version: 6.0 - Idolumic)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version: - John Mulcahy)
Sasquatch version 1.2.0 (HKLM\...\Sasquatch_is1) (Version: 1.2.0 - )
SEQ1 Master (HKLM-x32\...\SEQ1 Master_is1) (Version: - NuGen Audio)
SEQ2 Master (HKLM-x32\...\SEQ2 Master_is1) (Version: - NuGen Audio)
SEQ-S (HKLM\...\SEQ-S_is1) (Version: - NUGEN Audio)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
S-GEAR 2 (HKLM\...\S-GEAR 2 CE_is1) (Version: 2.5.7 - Scuffham Amps)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SideWidener version 1.0.2 (HKLM\...\SideWidener_is1) (Version: 1.0.2 - )
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\slack) (Version: 2.1.0 - Slack Technologies)
Slate Digital TRIGGER (HKLM-x32\...\SlateDigitalTrigger) (Version: 1.65 - Slate Digital)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Sniper Elite (HKLM-x32\...\Steam App 3700) (Version: - Rebellion Developments)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Softube Acoustic Feedback VST RTAS v1.0.7 (HKLM-x32\...\Softube Acoustic Feedback VST RTAS_is1) (Version: - )
Softube Bass Amp Room VST RTAS v1.0.2 (HKLM-x32\...\Softube Bass Amp Room VST RTAS_is1) (Version: - )
Softube FET Compressor VST RTAS v1.0.3 (HKLM-x32\...\Softube FET Compressor VST RTAS_is1) (Version: - )
Softube Metal Amp Room VST RTAS v1.1.5 (HKLM-x32\...\Softube Metal Amp Room VST RTAS_is1) (Version: - )
Softube Passive-Active Pack VST RTAS v1.0.2 (HKLM-x32\...\Softube Passive-Active Pack VST RTAS_is1) (Version: - )
Softube Spring Reverb VST RTAS v1.0.4 (HKLM-x32\...\Softube Spring Reverb VST RTAS_is1) (Version: - )
Softube Trident A-Range VST RTAS v1.0.2 (HKLM-x32\...\Softube Trident A-Range VST RTAS_is1) (Version: - )
Softube Tube Delay VST RTAS v1.0.5 (HKLM-x32\...\Softube Tube Delay VST RTAS_is1) (Version: - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version: - )
Softube Vintage Amp Room VST RTAS v1.0.8 (HKLM-x32\...\Softube Vintage Amp Room VST RTAS_is1) (Version: - )
Sonalksis Plug-in Manager 3.00 (HKLM-x32\...\{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1) (Version: - Sonalksis Ltd)
Sonarworks HD reference 2.2 (HKLM-x32\...\{F76463A9-42A2-47D5-B7D4-8838523E64E4}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks HD Reference VST plugin (64-bit) 2.2 (HKLM\...\{3F08FE5F-23E4-423B-A929-8247E4D5193A}) (Version: 2.2.12.30 - Sonarworks)
Sonarworks Reference 3 (HKLM-x32\...\{E8A1DAEE-C491-4833-8D3B-AA8F3E0098AE}) (Version: 3.2.11 - Sonarworks)
SONiVOX Harmonica (HKLM-x32\...\SONiVOX Harmonica) (Version: 1.0 - SONiVOX)
SONiVOX VocalizerPro (HKLM-x32\...\SONiVOX VocalizerPro_is1) (Version: - )
Sonnox Fraunhofer Codec Toolbox v1.0.0 (HKLM\...\Sonnox Fraunhofer Codec Toolbox v1.0.0_is1) (Version: 1.0.0 - Sonnox Ltd, Oxford, UK)
Sonoris Mastering Compressor (HKLM-x32\...\Sonoris Mastering Compressor) (Version: - Sonoris Audio Engineering)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{44DA67A9-C906-4316-94CB-61B036BBDCE5}) (Version: 1.04.02 - Creative Technology Limited)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
SSD Sampler (HKLM-x32\...\SSD4) (Version: 1.1 - Yellow Matter Entertainment)
SSD Utility (HKLM-x32\...\{3449D0CA-9D99-472B-B36C-A32A58AF18F5}) (Version: 2.2.2645 - Toshiba Corporation)
SSDlife Pro (HKLM-x32\...\{3D843494-7DC4-47C9-9E95-3543F0A4E7BC}) (Version: 2.3.56 - BinarySense Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stereoizer3 v3.1 (HKLM\...\Stereoizer3_is1) (Version: - NUGEN Audio)
Stereoplacer v3 (HKLM\...\Stereoplacer3_is1) (Version: - NUGEN Audio)
Sugar Bytes Looperator 1.0 (HKLM\...\Looperator_is1) (Version: 1.0 - Sugar Bytes)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Surfer EQ version 1.2.2 (HKLM\...\{B8D2A156-B2DE-47BD-9789-F1A850F060C1}_is1) (Version: 1.2.2 - Sound Radix)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tag&Rename 3.7 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7 - Softpointer Inc)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
ToneBoosters Morphit (HKLM\...\Morphit_is1) (Version: 1.1.4 - ToneBoosters)
Tracker (HKLM-x32\...\com.elance.tracker) (Version: 2.3.3 - Elance Inc)
Tracker (x32 Version: 2.3.3 - Elance Inc) Hidden
T-RackS 3 Black 76 version 3.5 (HKLM\...\{7F0FEB55-6D4A-4892-8A04-3E1EC9001F49}_is1) (Version: 3.5 - IK Multimedia)
T-RackS 3 White 2A version 3.5 (HKLM\...\{4EE378E8-5B8C-4A56-837F-04986F44F14F}_is1) (Version: 3.5 - IK Multimedia)
T-RackS CS version 4.5.0 (HKLM\...\{E931EBCC-55F9-4D67-BA0E-D57C4A893A44}_is1) (Version: 4.5.0 - IK Multimedia)
Trackspacer (HKLM\...\Trackspacer_is1) (Version: 2.0.4 - Wavesfactory)
Tradeo - MetaTrader 4 (HKLM-x32\...\Tradeo - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Transify version 1.3 (HKLM\...\Transify_is1) (Version: 1.3 - )
TuneSmith (HKLM-x32\...\{9061CD4C-6D8A-465B-A2DF-530DF94BCE4D}) (Version: 3.0 - Idolumic)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.25 - Tweaking.com)
UAD drivers. This may take a while... (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (HKLM-x32\...\{9b9c7089-62a6-4bba-887c-4b94398cc561}) (Version: 9.0.0.58759 - Universal Audio, Inc.)
UAD Powered Plug-Ins (Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (x32 Version: 9.0.0.58759 - Universal Audio, Inc.) Hidden
ubCore64 5.63 (HKLM-x32\...\InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}) (Version: - )
ubCore64 5.63 (Version: 5.63 - Unibrain) Hidden
UNCHIRP VST-x64 1.0.0 (HKLM\...\{FE7EB46F-1099-46e2-9165-D10058814B7D}) (Version: 1.0.0 - Zynaptiq)
UNFILTER VST-x64 1.2.1 (HKLM\...\{F74A8B13-C915-4CE2-ACE0-CC6845C9D89D}) (Version: 1.2.1 - Zynaptiq)
UnHackMe 8.60 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
URS Classic Console Strip Pro VST RTAS v1.0 (HKLM-x32\...\URS Classic Console Strip Pro VST RTAS_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 1)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2) 1.1 (HKLM\...\VerbSuite Classics - Fusion-IR Bricasti M7 (Part 2)) (Version: 1.1 - LiquidSonics)
VerbSuite Classics (HKLM\...\Slate Digital VerbSuite Classics_is1) (Version: 1.0.3.2 - Slate Digital)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version: - )
Virtual Buss Compressors (HKLM\...\Slate Digital Virtual Buss Compressors_is1) (Version: 1.2.7.7 - Slate Digital)
Virtual Tape Machines (HKLM\...\Slate Digital Virtual Tape Machines_is1) (Version: - Slate Digital)
VisLM v1.5.1 (HKLM\...\VisLM_is1) (Version: - NUGEN Audio)
Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visualizer v1.9.2 (HKLM-x32\...\Visualizer1_9_is1) (Version: - NuGen Audio)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VocALign Pro 4 VST (HKLM-x32\...\{EB77C666-B349-4046-8BD3-E4941119E1EF}) (Version: 4.00.0000 - Synchro Arts Ltd)
Voxengo Boogex (HKLM\...\Voxengo Boogex_is1) (Version: 2.1 - Voxengo)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Waves Complete (HKLM\...\Complete_is1) (Version: 2016.11.22 - Waves)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\WinDirStat) (Version: - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)
Zynaptiq ADAPTIVERB (HKLM\...\ADAPTIVERB_is1) (Version: 1.1.0 - Zynaptiq)
Zynaptiq ADAPTIVERB (HKLM-x32\...\Zynaptiq ADAPTIVERB) (Version: 1.0.1 - Zynaptiq)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3236326594-2611474830-2656184370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EFF940-BF67-4191-9209-1125A09409A3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {05848826-F541-4A0C-B9F2-1611BC2C39B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} - \Auslogics\BoostSpeed\Start BoostSpeed оn SamSwanson logon -> No File <==== ATTENTION
Task: {08ABE768-2FEF-4170-8066-25BB5001F947} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {09888CEB-9E1F-4B6B-BF4A-DB2571F3F71B} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2016-08-15] (ASUSTeK Computer Inc.)
Task: {0F509641-76C6-4FAB-BEF3-CB600B547AC5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1471D492-58EE-4C44-BE77-AF989C926662} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1A41D700-2897-4BAA-A036-58E78AA05409} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1F8E022B-DD5B-4C81-B850-C98F8B88CD15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-20] (Piriform Ltd)
Task: {21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2012-12-25] (Arainia Solutions)
Task: {23972D0B-9EA4-444E-94E3-FEF38A46F53D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A3DFC4-D040-485E-B0C3-426340897B2A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {26678860-B1BB-4488-B82C-9D65CF436774} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {28DC6CF1-3441-4644-839D-CA8C38FCF81F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-26] (NVIDIA Corporation)
Task: {2A5F42E1-3D73-43DE-AD75-7C45767E1073} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {34709417-D411-4C04-AC19-79E7834F99FF} - System32\Tasks\20160618_170750_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {355B0E4F-F22C-472D-80DF-8E171D2F3733} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2015-01-05] (Maxthon International ltd.)
Task: {36AD6884-E5D4-488D-95F6-FE8F55B41FAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-02-20] (Tweaking.com)
Task: {39DBE3EA-4037-4B26-AD52-FC269D6B2855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3BC80582-EF19-47C4-B5B2-6C63A4573C8E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {40305E3B-34DB-4DB3-B2A3-B9F92E3C5D26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {460D91C7-7A6C-4120-BDF1-351A93CF1157} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {4A2A02C8-A390-4ABD-A482-7FE54A9654CB} - System32\Tasks\open effects => C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe [2015-07-15] ()
Task: {4E2CFB07-EBB0-4549-8B69-C13637DFE808} - System32\Tasks\Patch My PC => C:\Users\SamSwanson\Desktop\PatchMyPC.exe [2017-02-20] (www.patchmypc.net)
Task: {52F29D63-FCB4-4A1A-BF18-02E57B5BE9A1} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)
Task: {5B36754A-B7BE-41F5-BE37-F12045B1C69B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} - \avastBCLRestartS-1-5-21-3236326594-2611474830-2656184370-1001 -> No File <==== ATTENTION
Task: {5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {63D37EC5-5EDB-47FF-9FD1-1EBEC107D223} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66365F28-CE4B-45AD-A996-337675E8A58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {668D7E1E-ED4D-47C9-90C6-0775FE94025F} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-01-10] (Intel Corporation)
Task: {697EFF5B-44E8-4A03-844A-5C3AD38E4FEA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6C09C286-EFF3-4AD4-8FB6-8392EB892C5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6C51BCE8-98E4-49AD-970F-82BA1B4FC324} - System32\Tasks\20160623_163758_Restore 12 0 => C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\NBCore.exe [2012-08-13] (Nero AG)
Task: {6E398F56-89B4-4FC1-8AEA-E632E89C8918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6F7DD068-47F7-4EE2-B113-F6BC5435281D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {7388C649-BD6B-458E-BB7D-615016D011FC} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {7C23857E-26FD-48C7-AADC-94F9F547CB5F} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-02-11] (Bitsum LLC)
Task: {7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8D7DD635-2A2D-4000-8D1F-4C6B77F8D80E} - System32\Tasks\Microsoft\Windows\PLA\System\{2BCE5899-48A6-4AB8-B3D9-62E4245605D0}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {95C752B4-7B0C-48D9-AE1C-3942F5D3BB76} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {96FDF968-3B9A-47A0-8729-22C64981D02C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9929E7D3-69C5-48B3-BD78-4DA035C80291} - System32\Tasks\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => pcalua.exe -a E:\ashampoo_firewall_free_1.20_sm.exe -d E:\
Task: {9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {9F6C043A-F8EF-4589-9123-0EF833FBDDE8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-26] (NVIDIA Corporation)
Task: {A75CC2EA-C50E-4D36-AEA1-91212A6641DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-02-24] (Greatis Software)
Task: {AD2F8636-6963-4AAD-A26F-1D01E01200F0} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {BD2046AE-D49F-4ADD-BCDE-8005342B87D5} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-27] (COMODO)
Task: {BDE36E30-62CC-4A29-816E-3A295DC2890B} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-26] (NVIDIA Corporation)
Task: {C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C374DDAD-C0E9-49BF-A6B0-9ED56EB2165C} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2016-08-15] ()
Task: {C488B36A-662D-4D82-8D4E-7ACDD04C6206} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {CA31EB53-D7B0-4140-9BF1-68356F601421} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {D583F66C-8EAB-4249-8FEB-75F592B49722} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D6716D1C-E449-4AF6-8063-D330FAEA820B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D8D805E5-AFF8-477C-B46C-3A79C13D64E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E8E81B66-3E1E-448E-9EDA-61D64DB64920} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {E8F94C64-88AA-4D59-AE81-D4BF8E78B677} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-13] (COMODO)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {F19205EB-384D-455D-99E3-6BC1A4840E68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F1C40402-4D4E-40EC-9F8D-55452716F7E0} - System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA} => pcalua.exe -a "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P\METROPOLIS Ark 2 Win Installer.exe" -d "S:\More VSTI\Orchestral.Tools.Metropolis.Ark.2.Orchestra.Of.The.Deep.KONTAKT-P2P"
Task: {F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F95AB783-6CE0-421A-B5CE-89C59CE572F7} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-26] (NVIDIA Corporation)
Task: {FAD23CE4-F70B-4FE3-B9F6-F8719DFDC955} - System32\Tasks\Microsoft\Windows\PLA\System\{EC8853F4-75E4-4154-B078-27C2E7531492}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {FF6E9CA0-FA25-46F9-970E-F95E6DF9AFA3} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-10-11] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-12-23 12:43 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-24 01:09 - 2016-05-24 01:09 - 00127336 _____ () C:\Program Files (x86)\AnonVPN\bin\AnonVPNService.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-07 16:14 - 2014-01-07 16:14 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-02-10 20:00 - 2017-01-20 19:40 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-07-07 10:44 - 2015-07-07 10:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2016-04-26 13:30 - 2016-04-26 13:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-11 16:07 - 2017-02-11 16:07 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-10-14 14:31 - 2016-10-31 09:17 - 01244408 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-10-31 09:17 - 2016-10-31 09:17 - 04463592 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-12-13 23:35 - 2016-12-13 23:35 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-07 16:16 - 2013-01-14 16:37 - 01406776 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2016-10-13 08:57 - 2016-10-13 08:57 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-09-14 10:10 - 2016-09-14 10:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:41 - 2017-01-11 10:41 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-12-23 13:44 - 2012-11-09 03:17 - 01433200 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2014-02-18 21:52 - 2017-02-20 17:22 - 00544208 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\DashlanePlugin.exe
2012-01-20 11:27 - 2015-07-15 21:28 - 03042304 _____ () C:\Program Files (x86)\DDMF\Virtual Audio Stream\EffectRack.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-10-14 14:48 - 2016-10-31 09:17 - 07382232 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2016-04-16 11:56 - 2016-06-29 11:01 - 09698296 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2014-12-21 17:07 - 2014-12-21 17:07 - 00119822 _____ () C:\Program Files (x86)\AnonVPN\bin\libgcc_s_dw2-1.dll
2014-12-21 17:07 - 2014-12-21 17:07 - 01026062 _____ () C:\Program Files (x86)\AnonVPN\bin\libstdc++-6.dll
2014-01-07 16:14 - 2017-03-01 20:26 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-01-07 16:14 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00037808 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2016-10-14 14:48 - 2016-10-14 14:48 - 04355264 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2016-10-14 14:47 - 2016-10-14 14:47 - 20605872 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-16 17:05 - 2015-11-16 17:05 - 00126928 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-04-16 11:45 - 2016-04-16 11:45 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2017-02-10 20:01 - 2017-01-20 19:40 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-10 20:00 - 2017-01-20 19:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-01-07 16:16 - 2013-01-14 17:16 - 05771136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-01-07 16:16 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-01-07 16:17 - 2012-08-03 16:41 - 00043520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-01-07 16:17 - 2012-08-03 16:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00350160 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00441808 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00465872 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 62691792 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00285648 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 06186448 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 07395280 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.7.25343.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-01-07 16:16 - 2013-01-15 15:30 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-01-07 16:17 - 2012-07-25 09:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 13674960 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 02215376 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.7.25343.dll
2017-02-22 17:23 - 2017-02-20 17:21 - 00334288 _____ () C:\Users\SamSwanson\AppData\Roaming\Dashlane\4.6.7.25343\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.7.25343.dll
2015-11-10 18:38 - 2015-11-10 18:38 - 08337408 _____ () C:\Users\SamSwanson\Downloads\SonarworksforDDMF\Reference3.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-10-14 14:27 - 2016-10-14 14:27 - 00333744 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00050096 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-10-14 14:25 - 2016-10-14 14:25 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-10-14 14:23 - 2016-10-14 14:23 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2014-01-07 16:16 - 2016-08-15 14:56 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 00224768 _____ () C:\WINDOWS\SYSTEM32\UAD2DriverClient.dll
2016-10-25 02:29 - 2016-10-25 02:29 - 02058752 _____ () C:\WINDOWS\SYSTEM32\UAD2SDK.dll
2014-04-27 13:17 - 2000-01-01 01:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\grep.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\MBR.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NIRCMD.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\NvTelemetryContainerRecovery.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\PEV.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\sed.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWREG.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWSC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SWXCACLS.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins002.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins005.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins006.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\unins007.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\zip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVCatalog.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVDllSurrogate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntStreamingManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystemController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntSubsystems64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVEntVirtualization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVIntegration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVManifest.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVOrchestration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVPublishing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVReporting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVScripting.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppVShNotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactActivation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64Proxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64F3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HarmanAudioInterface.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMClariFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\HMEQ_Voice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMHVS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMLimiter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HMUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSSTAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSstCApoPropPage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\libpng15.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapstoasttask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO7064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV3apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvapi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434709.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434709.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6434788.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435354.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435887.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435906.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6436909.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437254.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437653.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6437849.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvEncodeAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvFBC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvoglv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvptxJitCompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\partizan.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\prm0005.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwcreator.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpshell.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SECOMN64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDHF64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDRA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8ED1.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SET8FC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA251.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SETA93F.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TransportDSA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tspubwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpncmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XamlTileRender.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zlib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DbgModel.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcompiler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuda.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvcuvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncMFTH264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvEncodeAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvFBC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NvIFROpenGL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvoglv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvopencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\opencl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SECOMN32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SEHDHF32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\subinacl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SYNSOEMU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeEditkb.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-37-0.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vulkaninfo.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AppVStrm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AvidMbox_DFU.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\DDMFaudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\file_tracker.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaStorA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\LGVirHid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndisrfl.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nettap630.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rt640x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET8839.tmp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srvnet.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tib_mounter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tnd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tsvadpcm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2Pcie.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2System.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UAD2WdmAudio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\virtual_file.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\UpdateHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Microsoft:Gb9iHSAhBg9BV12C3k73XBgHLQz [2384]
AlternateDataStreams: C:\ProgramData\Microsoft:gVCZtV597Pk0byqtUxyu9ZFc [2548]
AlternateDataStreams: C:\ProgramData\Microsoft:HkCk6pH2rgF930hJgx9 [2112]
AlternateDataStreams: C:\ProgramData\Microsoft:pyzvIDdUHQPoJqcsmkYzVeN [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:w3lVKHfpoNp0LGn1SO56 [2532]
AlternateDataStreams: C:\ProgramData\Microsoft:ZUQvhkhISSBkTH7rGp [2562]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B [152]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [136]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:3rwwZhw2tLiAmOSNHAwYUqSaJU [1858]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:IZqLckuoBEmSeyWZ9jWWGPoF9 [2068]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:pZUQi9r51MMNkceOnZGIDucq [2336]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:suYxzGFC9bvFaXMRmXkqqt [1952]
AlternateDataStreams: C:\Users\SamSwanson\Cookies:w6io6svORgLdd8KCHJbkN71r [2442]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Czech taxes for dummies 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\dokument.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Formulář_žádosti__pro_cizince,_neobčany_EU_a_jejich_rodinné_příslušníky-rev.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\how to licesne musick.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Money 4 Music.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\PatchMyPC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Potvrzení_o_zajištění_ubytování_FO.DOC:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\RevoicePro.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\Rights-Owner-Repertoire.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SigLotSizeCalV1.2.xls:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SM-Offshore-Banking-Report.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\SongMarket.epub:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Desktop\uTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\3AC2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (10).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (3).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (4).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (5).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (6).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (7).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (8).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup (9).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\ec19.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.15.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.16.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.18.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.19.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.20.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.21.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.1_win64-setup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.22.2.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.23.0.2_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.0_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\FileZilla_3.24.1_win64-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\SamSwanson\Downloads\tdsskiller.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN:nKkdVTct7EMl42YHS3SZExMJ [2388]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX:eek:6d4DS5PFDAk03KTXvn2F2mu [2712]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA:03HrcMG15SDYyUw1Sza8AWAbY [2338]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\Temporary Internet Files:xwH7V3jDNbvYm9CzQAMppM [2254]
AlternateDataStreams: C:\Users\SamSwanson\Documents\2015 tax return Horton.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2017-02-20 21:19 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaper_2.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LoopBe30 Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RunDLLEntry"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "googletalk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (2)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (1)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (3)"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0ac3e"
HKLM\...\StartupApproved\Run32: => "ZAM"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "RBTray.exe"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "SpeedFan.lnk"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Gobbler"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GizmoDriveDelegate"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (2)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (3)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (1)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (4)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8811F55-5587-4E2E-9803-5F89E86BE479}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E4BE2C83-8EFB-40F4-AA36-DF1B6E02FC63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7E50ECC5-ADEE-41F4-B456-DD8184B7B9D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06E10D22-128D-4D9C-81AE-CFCC8F5C0D78}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{800BE274-31F7-4485-93FA-49D22449C363}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{B6A68273-9DDE-4550-BF33-23B26844ED8A}] => (Allow) S:\SteamGameLibrary\SteamApps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{E5A8B4EF-E0C3-46C4-8655-F4667B7C0FC3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{AF19923E-DFBF-44CE-8E35-C061282BF825}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [UDP Query User{F5776BFC-9EE0-43A2-B705-766521F94B2D}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{A17EFB4D-9DC9-470C-8B1B-BC335E7CA9B8}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FEB8E9ED-9B27-4C04-AE59-C6FB21E4CFEE}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{4FC0708F-E22A-46A0-B3A1-8BAF833E3603}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{82951DBB-1382-405F-B496-B2CB552D2CC9}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F2B9FCED-0F9D-49E0-9B96-B20FC514B119}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{32E5E5FF-AE09-40CA-9019-D3486EEBABF5}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [TCP Query User{43AFE483-1F63-4C55-8462-69C60BC018BA}C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe] => (Block) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{EB46C128-ED00-4C3F-8F84-47470F58C813}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [{69B1232F-5701-454C-ADFE-08E54D6B0920}] => (Block) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{1AB4FC87-2B0D-472E-A3E6-61C2B6C070FA}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [TCP Query User{EB0FECB5-C9BD-488B-99F8-68E3EE0359D9}C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe] => (Allow) C:\program files\nyrvsystems\pluginscanner\nyrvpluginscanner_x64.exe
FirewallRules: [UDP Query User{2AFF58C6-0DEA-4814-BFFB-9396E88BD493}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [TCP Query User{78335E54-289F-41C9-A7FB-1EEC0AC1D749}C:\program files\reaper (x64)\plugins\reaper_host64.exe] => (Block) C:\program files\reaper (x64)\plugins\reaper_host64.exe
FirewallRules: [{7AF1A041-07C9-4959-8274-77EE03809209}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6986C6E8-5AE1-4AF7-9F1B-8E4880BEF5F9}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9A87E20F-0224-40A4-A0A6-CF2D427F4D20}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BA177546-4044-4C07-AFE8-69887582567D}] => (Allow) C:\Users\SamSwanson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{0BFC59AF-9A77-433F-9D79-6A42BC3B990E}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [TCP Query User{A3ECAB14-43DA-4877-B411-E11F65833A70}C:\program files (x86)\idolumic\tunesmith\tunesmith.exe] => (Block) C:\program files (x86)\idolumic\tunesmith\tunesmith.exe
FirewallRules: [{9F08C694-EC8D-4028-B569-CC536012E7BB}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{B184610F-D175-44C7-B31A-4C9CF612667C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{85F3ACDA-06E5-4E75-BBB3-E4993FCACAEA}] => (Allow) LPort=1688
FirewallRules: [{FE438153-8F8D-492D-A2FB-B9DC4D356A58}] => (Allow) LPort=1688
FirewallRules: [{4810449D-6142-46CE-90E8-E59770BFC440}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA27EC5C-5D60-4DE9-A224-7B39FC82845B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50841857-DD2A-46AC-8627-9A7BE07699D7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4EF546A8-7388-4B39-8C68-16D263B1252B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{901F754B-7F53-41C0-A07B-A4D8D0DFE036}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FF7228E9-9CA7-41CD-A723-2F149E256AC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6FA2A9E8-A72E-42CF-A794-B18CC107DEA1}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{F71782BC-163B-4084-BA5E-9BE299F8C6C3}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{159A065B-2BA1-4A71-8EE1-BAAEA61F9001}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{FE35395F-4673-4FC1-85FB-576D178B0B1D}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [UDP Query User{1579E7CF-1850-48C3-886A-632A8EC41CB6}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [TCP Query User{7DCC07A6-5616-48B2-AC59-2C37A069E637}C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{AB2EA62A-A8E9-4766-83D1-08DEFBBBBB76}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4E60A726-4483-4E32-9B1C-85B9E69C232F}C:\users\samswanson\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\samswanson\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5EE2E0AD-9DAB-4F6D-8D38-0A41D29BF39E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AE76EA5F-CF6E-4FDC-BF69-7187C5A8CD22}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D524EB94-7130-4A51-9936-58807A7CCC32}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DC004AA2-EAB9-45C4-8636-FBF333884C16}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{264C0F87-944D-4B28-B875-008CE407DCEC}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{BEEFD323-7E07-406B-B349-2515E304A47A}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{4C7D8CF3-F3E2-46AD-8B64-D3064C44978B}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{B73A089E-647C-40E4-BC4B-061EE4354A35}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{159B9D62-A976-4BF7-8EBB-1E2082C0DA3B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{394FFBE6-FF1C-4139-B2B4-B00E21956F4E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{57DFEDDE-D220-4A8D-85E3-2EDBBBE665B2}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{09BB3EE1-42E8-4B70-B9FB-ECEE43D6E6E7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [UDP Query User{8B077964-B2EF-4647-B909-569A0E35D127}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BA5E5EF7-5ADA-4398-A746-A25FDEA7334A}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{39D9F0E3-EEF9-4650-94DB-AD618B47C70A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [{D3A12194-DFB4-41DE-BAFE-163B728B7C2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\call of duty modern warfare 3\iw5mp.exe
FirewallRules: [UDP Query User{C489928B-BCB6-4CAD-B115-8637D6D5F1E2}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{873D8F9D-EA4F-4D25-9643-79E633CB1825}C:\program files\reaper (x64)\reaper.exe] => (Block) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{3AE70BBF-4187-408E-8552-8C40592320B4}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{23AC632F-EAB7-4D82-91A0-AF1745451F95}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [UDP Query User{34448265-8649-4C33-AC9D-CE6B4BDE66C0}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [TCP Query User{CC138988-1294-4E93-B9F7-B5EEEAF4385B}C:\program files (x86)\ditto\ditto.exe] => (Allow) C:\program files (x86)\ditto\ditto.exe
FirewallRules: [{347A2896-44B0-4781-8639-F8E6DADBAF9B}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{043836B9-CABB-4DE7-BB6F-4C6561C5B4AF}] => (Block) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [UDP Query User{A7D9C2DC-CB32-4544-A540-3CE567BB1891}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [TCP Query User{C17FD2D4-D884-4DF0-BFC2-BA96D1E34ACC}C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe] => (Allow) C:\program files (x86)\media gobbler, inc\gobbler\gobbler.exe
FirewallRules: [{FC9A52D6-E8D3-43D5-9EE5-A4CC0A72E7E1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D44DDEE-E403-49B8-971A-46814BF7814C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{65942B4D-AAD7-4320-BDFC-7B54A64A2DF8}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{10EA7950-8535-46F1-BD21-00FA3E46A57C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A95E67F-00BA-4C7F-982F-21737687F7C2}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{D349A76B-9E0E-4A55-BD62-98E51D8FC3FF}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{0F05B259-9FEA-40DD-A9E3-70A1E7D792A8}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [UDP Query User{63BE29B2-A2E7-4578-97CC-D0DCBF7639AE}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe
FirewallRules: [TCP Query User{FD47186C-FB63-42B6-8252-1BA2D3D031C6}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [UDP Query User{B6461154-8899-4C23-922A-8B13A7389751}C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe] => (Allow) C:\users\samswanson\appdata\local\ivideon\ivideonserver\ivideonserver.exe
FirewallRules: [{33659DC1-1F98-439A-AEC3-57776D741690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DCCEBA1-C481-409A-B6A3-9978F0C403D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE6ED81B-B560-40F0-8975-770BE8C4B4C5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{DE906F04-5348-4E10-8278-2FA61E95B0B3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [TCP Query User{C20C177B-0E29-469B-A6DA-2CF7B87D207D}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{A3922E75-DF5F-4382-9192-D3989C5686AE}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [TCP Query User{E2572DE2-18A4-4838-BF78-D416F7A58F87}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{4C7F8891-A519-4288-A555-D6B644C983F9}C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\samswanson\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{8164E955-4659-4A72-8510-667E48F5CBCF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{193307C5-27EA-4047-8D49-62699F1ABCA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{23D75EBE-3F14-4B79-8CAD-EB12D7FA7A23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{F9C2D2D0-2A16-4751-8866-990FE9C3C851}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{16F6121E-B315-462F-9B0C-4753ECD149D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C5E08516-C1BC-4B12-BB6E-45A9CE248B88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE03B6B4-FD06-45C6-991C-EB99785E619A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2D32070B-BE19-469C-9749-20AF2E943B77}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B2868D72-9C1F-442F-829F-7E3CC250B9D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E7B85F4-59CC-4743-ABDC-113EF0515C1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{80A0797C-B514-4C9D-9AD0-4030E922803D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{151CDCEB-5350-4E0B-B3DF-5D1AFD444318}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{2FC9AC5D-2002-4226-851A-C906786981FE}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{CBF94C9D-E30C-4E5E-90C8-84E3E08CAE9B}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{447E0C97-2CD8-4303-8588-9CEE3774093C}] => (Allow) C:\Program Files (x86)\AnonVPN\bin\AnonVPN.exe
FirewallRules: [{E8226ED0-F618-4BFF-9414-9DE5D234B0E5}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{4FC8502B-C59D-4A3E-835A-1D56C834280C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{266AE150-5BAC-41F2-B9C7-3AEFEF2BD695}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{A83100B2-AC65-4E83-BCA3-B70ACBD1F190}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A6644206-9A35-4A7E-A8AF-0759C35D655D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{97AC4EC6-F9A0-4962-A2AB-EDA3242B18EE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{6AECC060-1F3B-47E6-8945-52A9F9577BC3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{5726AA47-031F-426F-B0F5-64624B7C1215}] => (Allow) C:\Users\SamSwanson\AppData\Local\Google\Chrome SxS\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

28-02-2017 11:49:12 UnHackMe Malware Removal
01-03-2017 11:44:51 JRT Pre-Junkware Removal
01-03-2017 19:58:49 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Primo Ramdisk Controller
Description: Primo Ramdisk Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ROMEX SOFTWARE
Service: FancyRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2017 08:26:52 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (03/01/2017 08:26:51 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance due to the following error: The operation completed successfully. 0x0.

Error: (03/01/2017 08:26:50 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (03/01/2017 08:26:50 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (03/01/2017 08:02:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "rdyboost" in DLL "C:\WINDOWS\system32\sysmain.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/01/2017 08:02:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/01/2017 07:58:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/01/2017 07:41:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/01/2017 07:41:02 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (03/01/2017 07:37:57 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver


System errors:
=============
Error: (03/01/2017 08:28:54 PM) (Source: DCOM) (EventID: 10010) (User: JIRICOMPUTER)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (03/01/2017 08:26:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (03/01/2017 08:26:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error:
%%2147944153 = There are no more endpoints available from the endpoint mapper.

Error: (03/01/2017 08:26:49 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/01/2017 08:26:38 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/01/2017 08:26:37 PM) (Source: FancyRd) (EventID: 2) (User: )
Description: The evaluation period for this installation of Primo Ramdisk has expired.

Error: (03/01/2017 08:26:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/01/2017 07:58:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (03/01/2017 07:40:27 PM) (Source: DCOM) (EventID: 10010) (User: JIRICOMPUTER)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (03/01/2017 07:37:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
Date: 2017-03-01 20:29:01.068
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 20:26:52.505
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 20:26:49.625
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 19:58:31.418
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-03-01 19:42:17.609
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 19:42:04.491
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 19:40:59.064
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 19:40:58.942
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 19:37:54.540
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-01 17:57:44.390
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 13%
Total physical RAM: 32716.45 MB
Available physical RAM: 28442.09 MB
Total Virtual: 32716.45 MB
Available Virtual: 28142.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.13 GB) (Free:115.12 GB) NTFS
Drive r: (Redundant) (Fixed) (Total:2794.39 GB) (Free:1153.93 GB) NTFS
Drive s: (Major Scott) (Fixed) (Total:2794.39 GB) (Free:1562.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 3DE8DBCF)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BCDE926D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 1CD3CAE0)

Partition: GPT.

==================== End of Addition.txt ============================
 

Attachments

  • Like
Reactions: Malnutrition

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,397
552
FRST Fix.



Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

ClearLNK

Download ClearLNK save it to your desktop.
Drag the file Shortcut.txt made with FRST earlier.
As per picture.
A report on the work as a file ClearLNK- <date> .log
Will be produced, post that log.



Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2


  • Close all other the running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.
 

Attachments

slonslon7

PCHF Member
PCHF Member
Mar 1, 2017
14
8
32
FRST fix:
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by SamSwanson (01-03-2017 21:41:38) Run:1
Running from C:\Users\SamSwanson\Desktop\Computer fix
Loaded Profiles: SamSwanson (Available Profiles: SamSwanson)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKLM-x32\...\Run: [SunJavaUpdateSched (1)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (2)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched (3)] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-12-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-12-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-02-10] (Oracle Corporation)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (1)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (2)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (3)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update (4)] => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\Run: [Google Update] => C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [NameServer] 74.82.42.42,192.168.0.1
Tcpip\..\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{a56f0fe6-a65d-419a-9a9d-a9f8c86c22bd}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{c09f412c-6a39-48fa-9e06-9f815d6e9d25}: [NameServer] 8.8.8.8,8.8.4.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-20] (Oracle Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FF NewTab: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\lncyg2i6.default -> about:blank
FF SearchPlugin: C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\searchplugins\google-avast.xml [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman => not found
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3236326594-2611474830-2656184370-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
S3 ManyCam; \SystemRoot\system32\DRIVERS\mcvidrv.sys [X]
S3 mcaudrv_simple; \SystemRoot\system32\drivers\mcaudrv_x64.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
2017-02-24 18:27 - 2017-03-01 19:33 - 00002668 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2017-02-21 15:52 - 2017-02-21 16:01 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-21 14:39 - 2017-02-21 14:47 - 00000000 ____D C:\Program Files\stinger
2017-02-21 14:39 - 2017-02-21 14:39 - 00000000 ____D C:\Program Files\McAfee
2017-02-13 16:16 - 2017-02-13 16:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-13 14:56 - 2017-02-13 16:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-13 00:03 - 2017-02-13 00:03 - 00000000 ____D C:\ProgramData\Sophos
2017-02-13 00:00 - 2017-02-13 00:00 - 04656523 _____ C:\Users\SamSwanson\Downloads\tdsskiller.zip
2017-02-13 00:00 - 2017-02-13 00:00 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\55447846.sys
2017-02-10 20:02 - 2017-02-10 20:02 - 00000000 ____D C:\Users\SamSwanson\AppData\Local\Chromium
2017-03-01 20:02 - 2013-07-28 08:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-01 19:37 - 2017-01-12 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-01 19:37 - 2016-12-03 22:13 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-01 19:37 - 2012-12-23 12:23 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job
2017-03-01 19:37 - 2012-12-23 12:23 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job
2017-03-01 19:33 - 2017-01-12 17:52 - 00003104 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-01 19:33 - 2016-12-26 18:15 - 00002610 _____ C:\WINDOWS\System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA}
2017-03-01 19:33 - 2016-12-03 22:13 - 00003410 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-01 19:33 - 2016-08-15 15:00 - 00002894 _____ C:\WINDOWS\System32\Tasks\Patch My PC
2017-03-01 19:33 - 2016-08-11 19:50 - 00003622 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a
2017-03-01 19:33 - 2016-08-11 19:50 - 00003552 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA
2017-03-01 19:33 - 2016-08-11 19:50 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-01 19:33 - 2016-08-11 19:50 - 00003354 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085
2017-03-01 19:33 - 2016-08-11 19:50 - 00003280 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core
2017-03-01 19:33 - 2016-08-11 19:50 - 00003180 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-01 19:33 - 2016-08-11 19:50 - 00002920 _____ C:\WINDOWS\System32\Tasks\20160623_163758_Restore 12 0
2017-03-01 19:33 - 2016-08-11 19:50 - 00002920 _____ C:\WINDOWS\System32\Tasks\20160618_170750_Restore 12 0
2017-03-01 19:33 - 2016-08-11 19:50 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3236326594-2611474830-2656184370-1001
2017-03-01 13:58 - 2013-05-04 00:13 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA
2017-03-01 13:58 - 2012-10-14 18:47 - 00000000 ___HD C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX
2017-02-10 18:50 - 2013-09-17 09:45 - 00000000 ____D C:\ProgramData\Ashampoo
2014-02-12 22:10 - 2014-02-12 22:10 - 0000005 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_496F4C99-60AD-5b9e-AC1B-FA060E643C04.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000013 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_F4F01109-C336-401f-BDE4-7C1926744104.dll
2014-02-12 22:10 - 2014-02-12 22:10 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FAB01109-C336-401f-BDE4-AB1926744111.dll
2014-01-26 19:56 - 2014-01-26 19:56 - 0000004 _____ () C:\Users\SamSwanson\AppData\Roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545103.dll
2016-08-11 19:35 - 2016-08-11 19:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {05848826-F541-4A0C-B9F2-1611BC2C39B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} - \Auslogics\BoostSpeed\Start BoostSpeed оn SamSwanson logon -> No File <==== ATTENTION
Task: {08ABE768-2FEF-4170-8066-25BB5001F947} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0F509641-76C6-4FAB-BEF3-CB600B547AC5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1471D492-58EE-4C44-BE77-AF989C926662} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1A41D700-2897-4BAA-A036-58E78AA05409} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2012-12-25] (Arainia Solutions)
Task: {23972D0B-9EA4-444E-94E3-FEF38A46F53D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {25A3DFC4-D040-485E-B0C3-426340897B2A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-10-11] (Intel Corporation)
Task: {31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {36AD6884-E5D4-488D-95F6-FE8F55B41FAC} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-02-20] (Tweaking.com)
Task: {39DBE3EA-4037-4B26-AD52-FC269D6B2855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3BC80582-EF19-47C4-B5B2-6C63A4573C8E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {460D91C7-7A6C-4120-BDF1-351A93CF1157} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {5B36754A-B7BE-41F5-BE37-F12045B1C69B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} - \avastBCLRestartS-1-5-21-3236326594-2611474830-2656184370-1001 -> No File <==== ATTENTION
Task: {5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {66365F28-CE4B-45AD-A996-337675E8A58E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {6E398F56-89B4-4FC1-8AEA-E632E89C8918} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6F7DD068-47F7-4EE2-B113-F6BC5435281D} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {96FDF968-3B9A-47A0-8729-22C64981D02C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9929E7D3-69C5-48B3-BD78-4DA035C80291} - System32\Tasks\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => pcalua.exe -a E:\ashampoo_firewall_free_1.20_sm.exe -d E:\
Task: {9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {A75CC2EA-C50E-4D36-AEA1-91212A6641DB} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-02-24] (Greatis Software)
Task: {AD2F8636-6963-4AAD-A26F-1D01E01200F0} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-01-14] ()
Task: {AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {CA31EB53-D7B0-4140-9BF1-68356F601421} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {D6716D1C-E449-4AF6-8063-D330FAEA820B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D8D805E5-AFF8-477C-B46C-3A79C13D64E8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - \Microsoft\Windows\Customer Experience Improvement Program\BthSQM -> No File <==== ATTENTION
Task: {F19205EB-384D-455D-99E3-6BC1A4840E68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => C:\Users\SamSwanson\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN:nKkdVTct7EMl42YHS3SZExMJ [2388]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX:eek:6d4DS5PFDAk03KTXvn2F2mu [2712]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA:03HrcMG15SDYyUw1Sza8AWAbY [2338]
AlternateDataStreams: C:\Users\SamSwanson\AppData\Local\Temporary Internet Files:xwH7V3jDNbvYm9CzQAMppM [2254]
C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN
C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX
C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
MSCONFIG\Services: WSearch => 2
HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LoopBe30 Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RunDLLEntry"
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "AdobeCS5ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "googletalk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (2)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (1)"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched (3)"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortf0ac3e"
HKLM\...\StartupApproved\Run32: => "ZAM"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "RBTray.exe"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\StartupFolder: => "SpeedFan.lnk"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Gobbler"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GizmoDriveDelegate"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (2)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (3)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (1)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Google Update (4)"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DriverMax"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\...\StartupApproved\Run: => "Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: ipconfig /flushdns
C:\Windows\system32\Drivers\etc\hosts
Hosts:
reboot:
end


*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (1) => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (2) => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (3) => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update (1) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update (2) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update (3) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update (4) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2173f261-2e23-4f0a-940a-2a88ca2b214b}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7faf953a-453a-4de6-a3bc-2ce40997f6cc}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a56f0fe6-a65d-419a-9a9d-a9f8c86c22bd}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c09f412c-6a39-48fa-9e06-9f815d6e9d25}\\NameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key removed successfully
HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key removed successfully
HKCR\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key removed successfully
HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key removed successfully
HKCR\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key removed successfully
HKCR\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\PROTOCOLS\Handler\osf => key not found.
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com => key not found.
HKCR\Wow6432Node\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
C:\Users\SamSwanson\AppData\Roaming\Mozilla\Firefox\Profiles\lncyg2i6.default\searchplugins\google-avast.xml => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Users\SamSwanson\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjeghcllfecehndceplomkocgfbklffd => key removed successfully
HKLM\System\CurrentControlSet\Services\FreshIO => key removed successfully
FreshIO => service removed successfully
HKLM\System\CurrentControlSet\Services\ManyCam => key removed successfully
ManyCam => service removed successfully
HKLM\System\CurrentControlSet\Services\mcaudrv_simple => key removed successfully
mcaudrv_simple => service removed successfully
HKLM\System\CurrentControlSet\Services\SR => key removed successfully
SR => service removed successfully
HKLM\System\CurrentControlSet\Services\srservice => key removed successfully
srservice => service removed successfully
C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler => moved successfully
C:\ProgramData\Emsisoft => moved successfully
C:\Program Files\stinger => moved successfully
C:\Program Files\McAfee => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\Sophos => moved successfully
C:\Users\SamSwanson\Downloads\tdsskiller.zip => moved successfully
C:\WINDOWS\system32\Drivers\55447846.sys => moved successfully
C:\Users\SamSwanson\AppData\Local\Chromium => moved successfully
C:\WINDOWS\system32\MRT => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
C:\WINDOWS\System32\Tasks\{EE492B24-CD47-404D-95D3-605112E375FA} => moved successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => moved successfully
C:\WINDOWS\System32\Tasks\Patch My PC => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA1cf27e25ff0855a => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\20160623_163758_Restore 12 0 => moved successfully
C:\WINDOWS\System32\Tasks\20160618_170750_Restore 12 0 => moved successfully
C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3236326594-2611474830-2656184370-1001 => moved successfully
C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA => moved successfully
C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX => moved successfully
C:\ProgramData\Ashampoo => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_496F4C99-60AD-5b9e-AC1B-FA060E643C04.dll => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_72024697-2626-4a12-8347-7CAC1834AC3B.dll => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_D9C6A609-15A1-4768-8E98-6FA00C2547CC.dll => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_F4F01109-C336-401f-BDE4-7C1926744104.dll => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_FAB01109-C336-401f-BDE4-AB1926744111.dll => moved successfully
C:\Users\SamSwanson\AppData\Roaming\iasna_FB9AECF7-F56E-7B2E-A862-9892AA545103.dll => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05848826-F541-4A0C-B9F2-1611BC2C39B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05848826-F541-4A0C-B9F2-1611BC2C39B2} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core1cf27e25d7e5085 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{063A0BFF-9FB6-4A57-A0FE-92E13D9CF789} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Start BoostSpeed оn SamSwanson logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08ABE768-2FEF-4170-8066-25BB5001F947} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08ABE768-2FEF-4170-8066-25BB5001F947} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F509641-76C6-4FAB-BEF3-CB600B547AC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F509641-76C6-4FAB-BEF3-CB600B547AC5} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1471D492-58EE-4C44-BE77-AF989C926662} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1471D492-58EE-4C44-BE77-AF989C926662} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A41D700-2897-4BAA-A036-58E78AA05409} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A41D700-2897-4BAA-A036-58E78AA05409} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C96E5B-F2CD-4BC9-8E73-CA85AC55B19E} => key removed successfully
C:\WINDOWS\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23972D0B-9EA4-444E-94E3-FEF38A46F53D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23972D0B-9EA4-444E-94E3-FEF38A46F53D} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25A3DFC4-D040-485E-B0C3-426340897B2A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25A3DFC4-D040-485E-B0C3-426340897B2A} => key removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B61FA2-6781-4DDF-A0E6-B5E23DA9740B} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36AD6884-E5D4-488D-95F6-FE8F55B41FAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36AD6884-E5D4-488D-95F6-FE8F55B41FAC} => key removed successfully
C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tweaking.com - Windows Repair Tray Icon => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39DBE3EA-4037-4B26-AD52-FC269D6B2855} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39DBE3EA-4037-4B26-AD52-FC269D6B2855} => key removed successfully
C:\WINDOWS\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BC80582-EF19-47C4-B5B2-6C63A4573C8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BC80582-EF19-47C4-B5B2-6C63A4573C8E} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{460D91C7-7A6C-4120-BDF1-351A93CF1157} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460D91C7-7A6C-4120-BDF1-351A93CF1157} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B36754A-B7BE-41F5-BE37-F12045B1C69B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B36754A-B7BE-41F5-BE37-F12045B1C69B} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D25CD93-550A-42DF-8295-8A2C8AB3DF1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-3236326594-2611474830-2656184370-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6CA38A-4C4C-4E18-8C5D-5E2224AEC118} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66365F28-CE4B-45AD-A996-337675E8A58E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66365F28-CE4B-45AD-A996-337675E8A58E} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E398F56-89B4-4FC1-8AEA-E632E89C8918} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E398F56-89B4-4FC1-8AEA-E632E89C8918} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F7DD068-47F7-4EE2-B113-F6BC5435281D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F7DD068-47F7-4EE2-B113-F6BC5435281D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6CD2E9-7D16-4990-876E-A1DDD1C333DC} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C2DAB06-A415-4E79-9FD2-92C60BC7FA67} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96FDF968-3B9A-47A0-8729-22C64981D02C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96FDF968-3B9A-47A0-8729-22C64981D02C} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9929E7D3-69C5-48B3-BD78-4DA035C80291} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9929E7D3-69C5-48B3-BD78-4DA035C80291} => key removed successfully
C:\WINDOWS\System32\Tasks\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBCD0C7D-45F8-4AA4-A784-5E4F16371482} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC9EE1F-3C7D-4D11-A723-C108476BA2FD} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A75CC2EA-C50E-4D36-AEA1-91212A6641DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A75CC2EA-C50E-4D36-AEA1-91212A6641DB} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD0C68FF-F1EF-4C1E-A767-DBD5729882A2} => key removed successfully
C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UnHackMe Task Scheduler => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD2F8636-6963-4AAD-A26F-1D01E01200F0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD2F8636-6963-4AAD-A26F-1D01E01200F0} => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS\Easy Update => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\Easy Update => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD93EA85-7159-4B00-A2A8-DC9C6441F3A7} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1590D8D-F402-4E93-8D27-AFD81BC6A5C3} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA31EB53-D7B0-4140-9BF1-68356F601421} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA31EB53-D7B0-4140-9BF1-68356F601421} => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6716D1C-E449-4AF6-8063-D330FAEA820B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6716D1C-E449-4AF6-8063-D330FAEA820B} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8D805E5-AFF8-477C-B46C-3A79C13D64E8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8D805E5-AFF8-477C-B46C-3A79C13D64E8} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE7EBFF-9B4D-438B-A0E1-76A7FE896D57} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3CC8218-7A1E-4B80-B0E8-C9C2FA606B1B} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4290C7D-DF68-49AF-B8D3-ECF30CFCE984} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19205EB-384D-455D-99E3-6BC1A4840E68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19205EB-384D-455D-99E3-6BC1A4840E68} => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6E4AD78-6FF4-4B5F-A68C-36575464E8A3} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D01798-23CD-4BD7-A4B2-3C85ED5B55C9} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => key removed successfully
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => not found.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001Core.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3236326594-2611474830-2656184370-1001UA.job => not found.
C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN => ":nKkdVTct7EMl42YHS3SZExMJ" ADS removed successfully.
"C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX" => ":eek:6d4DS5PFDAk03KTXvn2F2mu" ADS not found.
"C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA" => ":03HrcMG15SDYyUw1Sza8AWAbY" ADS not found.
C:\Users\SamSwanson\AppData\Local\Temporary Internet Files => ":xwH7V3jDNbvYm9CzQAMppM" ADS removed successfully.
C:\Users\SamSwanson\AppData\Local\bvSO2cjMUSN => moved successfully
"C:\Users\SamSwanson\AppData\Local\fkMCIEeuWIX" => not found.
"C:\Users\SamSwanson\AppData\Local\pX1tyrSoUVeA" => not found.
HKU\.DEFAULT\Software\Classes\exefile => key removed successfully
HKU\.DEFAULT\Software\Classes\.exe => key removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\Software\Classes\.exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WSearch => key removed successfully
HKLM\System\CurrentControlSet\Services\WSearch => key removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Snagit 11.lnk => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe30 Monitor.lnk => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\LoopBe30 Monitor.lnk => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk => moved successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\SoftEther VPN Client Manager Startup.lnk => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RTHDVCPL => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RTHDVCPL => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RunDLLEntry => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RunDLLEntry => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\THXCfg64 => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\THXCfg64 => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EvtMgr6 => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EvtMgr6 => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Launch LCore => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Launch LCore => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ShadowPlay => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ShadowPlay => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\iTunesHelper => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ZAM => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ZAM => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SoftEther VPN Client UI Helper => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoftEther VPN Client UI Helper => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AcronisTibMounterMonitor => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AcronisTibMounterMonitor => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AdobeCS5ServiceManager => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\APSDaemon => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\UpdReg => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DivXMediaServer => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\DivXUpdate => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\googletalk => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\googletalk => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\iTunesHelper => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\QuickTime Task => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SwitchBoard => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Acronis Scheduler2 Service => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched (2) => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (2) => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched (1) => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (1) => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched (3) => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched (3) => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Carbonite Backup => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Carbonite Backup => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CancelAutoPlay_df => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CancelAutoPlay_df => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\CheckNDISPortf0ac3e => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CheckNDISPortf0ac3e => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\ZAM => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ZAM => value not found.
C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe => not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\RBTray.exe => value removed successfully
C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk => moved successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\SpeedFan.lnk => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Gobbler => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gobbler => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6884A160BCC04722E6F4385CB6FFBBDA => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Skype => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Spotify => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spotify => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Spotify Web Helper => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GizmoDriveDelegate => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GizmoDriveDelegate => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Copy => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Copy => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update (2) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update (2) => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update (3) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update (3) => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update (1) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update (1) => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Google Update (4) => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Update (4) => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DriverMax => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DriverMax => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_20359AAFD869880A09A939B153F8703B => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\OneDrive => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OneDrive => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64 => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64 => value not found.
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Uninstall C:\Users\SamSwanson\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 => value not found.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3236326594-2611474830-2656184370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state Off =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Could not move "C:\Windows\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49886422 B
Java, Flash, Steam htmlcache => 11304565 B
Windows/system/drivers => 7492450 B
Edge => 506 B
Chrome => 29575083 B
Firefox => 17447753 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 560 B
LocalService => 2520 B
NetworkService => 51380352 B
SamSwanson => 41025858 B

RecycleBin => 0 B
EmptyTemp: => 198.5 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-03-2017 21:43:26)

C:\Windows\system32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 21:43:26 ====
Clearlink:
ClearLNK by Alex Dragokas ver. 2.9.0.11

OS: x64 Windows 10 Pro, 10.0.14393, Service Pack: 0
Time: 01.03.2017 - 21:46
Language: OS: EN (0x409). Display: EN (0x409). Non-Unicode: EN (0x409)
Elevated: Yes
User: SamSwanson (group: Administrator)

_____________________________ Begin of Log ______________________________
.
[ OK ] 2 "C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (icon has been recovered)
[ OK ] 11 "C:\ProgramData\Microsoft\Windows\Start Menu\Gobbler.lnk" -> [ "C:\Program Files (x86)\Media Gobbler, Inc\Gobbler\Gobbler.exe" ] (icon has been recovered)
[ OK ] 47 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk" -> [ "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" ] (icon has been recovered)
[ OK ] 99 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4\Tradeo - MT4.lnk" -> [ "C:\Program Files (x86)\Tradeo - MetaTrader 4\terminal.exe" ] (icon has been recovered)
[ OK ] 119 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk" -> [ "C:\Program Files\Windows Defender\MSASCui.exe" ] (icon has been recovered)
[ OK ] 128 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarworks\Sonarworks\Sonarworks HD reference.lnk" -> [ "C:\Program Files (x86)\Sonarworks\Sonarworks HD reference\sonarworks.exe" ] (icon has been recovered)
[ OK ] 129 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarworks\Sonarworks\Sonarworks Reference 3.lnk" -> [ "C:\Program Files (x86)\Sonarworks\SonarworksReference\Sonarworks Reference 3.exe" ] (icon has been recovered)
[ OK ] 357 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaTrader 5\MetaTrader 5.lnk" -> [ "C:\Program Files\MetaTrader 5\terminal64.exe" ] (icon has been recovered)
[ OK ] 403 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk" -> [ "C:\Program Files\Java\jre1.8.0_121\bin\javacpl.exe" ] (icon has been recovered)
[ OK ] 444 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Extreme Tuning Utility\Intel(R) Extreme Tuning Utility.lnk" -> [ "C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe" ] (icon has been recovered)
[ OK ] 541 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo\CrystalDiskInfo Shizuku Edition.lnk" -> [ "C:\Program Files (x86)\CrystalDiskInfo\DiskInfo32S.exe" ] (icon has been recovered)
[ OK ] 542 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo\CrystalDiskInfo.lnk" -> [ "C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe" ] (icon has been recovered)
[ OK ] 594 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch Articulator Setup.pdf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\Articulator Setup.pdf" ] (icon has been recovered)
[ OK ] 595 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch Authorization Read Me.pdf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\Authorization Read Me.pdf" ] (icon has been recovered)
[ OK ] 596 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch AVOX Evo License.rtf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\AVOX Evo License.rtf" ] (icon has been recovered)
[ OK ] 597 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch AVOX Evo Manual.pdf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\AVOX Evo Manual.pdf" ] (icon has been recovered)
[ OK ] 598 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch AVOX THROAT Presets Read Me.rtf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\AVOX THROAT Presets Read Me.rtf" ] (icon has been recovered)
[ OK ] 599 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch Harmony Engine Evo Manual.pdf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\Harmony Engine Evo Manual.pdf" ] (icon has been recovered)
[ OK ] 600 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies\AVOX Evo VST\Launch Harmony Engine Evo VST PC Read Me.pdf.lnk" -> [ "C:\Program Files (x86)\Antares Audio Technologies\AVOX Evo VST\Harmony Engine Evo VST PC Read Me.pdf" ] (icon has been recovered)
[ OK ] 604 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk" -> [ "C:\Windows\System32\comexp.msc" ] (icon has been recovered)
[ OK ] 605 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk" -> [ "C:\Windows\System32\dfrgui.exe" ] (icon has been recovered)
[ OK ] 606 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk" -> [ "C:\Windows\System32\cleanmgr.exe" ] (icon has been recovered)
[ OK ] 607 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk" -> [ "C:\Windows\System32\iscsicpl.exe" ] (icon has been recovered)
[ OK ] 608 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk" -> [ "C:\WINDOWS\system32\MdSched.exe" ] (icon has been recovered)
[ OK ] 609 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk" -> [ "C:\Windows\SysWOW64\odbcad32.exe" ] (icon has been recovered)
[ OK ] 610 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk" -> [ "C:\Windows\System32\odbcad32.exe" ] (icon has been recovered)
[ OK ] 611 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk" -> [ "C:\WINDOWS\system32\printmanagement.msc" ] (icon has been recovered)
[ OK ] 612 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk" -> [ "C:\Windows\System32\services.msc" ] (icon has been recovered)
[ OK ] 613 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk" -> [ "C:\WINDOWS\system32\msconfig.exe" ] (icon has been recovered)
[ OK ] 614 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk" -> [ "C:\Windows\System32\msinfo32.exe" ] (icon has been recovered)
[ OK ] 615 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk" -> [ "C:\Windows\System32\WF.msc" ] (icon has been recovered)
[ OK ] 620 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk" -> [ "C:\Program Files\Common Files\microsoft shared\ink\mip.exe" ] (icon has been recovered)
[ OK ] 621 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" -> [ "C:\Windows\System32\mspaint.exe" ] (icon has been recovered)
[ OK ] 622 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk" -> [ "C:\WINDOWS\system32\quickassist.exe" ] (icon has been recovered)
[ OK ] 623 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk" -> [ "C:\Windows\System32\mstsc.exe" ] (icon has been recovered)
[ OK ] 624 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk" -> [ "C:\WINDOWS\system32\SnippingTool.exe" ] (icon has been recovered)
[ OK ] 625 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk" -> [ "C:\Windows\System32\psr.exe" ] (icon has been recovered)
[ OK ] 626 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk" -> [ "C:\WINDOWS\system32\WFS.exe" ] (icon has been recovered)
[ OK ] 627 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk" -> [ "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe" ] (icon has been recovered)
[ OK ] 628 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk" -> [ "C:\Windows\System32\xpsrchvw.exe" ] (icon has been recovered)
[ OK ] 629 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk" -> [ "C:\Windows\System32\charmap.exe" ] (icon has been recovered)
[ OK ] 641 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk" -> [ "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 642 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk" -> [ "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 643 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 644 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 650 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ "C:\Windows\System32\notepad.exe" ] (icon has been recovered)
[ OK ] 651 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk" -> [ "C:\Windows\System32\Magnify.exe" ] (icon has been recovered)
[ OK ] 652 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk" -> [ "C:\WINDOWS\system32\narrator.exe" ] (icon has been recovered)
[ OK ] 653 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk" -> [ "C:\Windows\System32\osk.exe" ] (icon has been recovered)
[ OK ] 657 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 659 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 676 "C:\Users\Public\Desktop\Sonarworks Reference.lnk" -> [ "C:\Program Files (x86)\Sonarworks\SonarworksReference\Sonarworks Reference 3.exe" ] (icon has been recovered)
[ OK ] 678 "C:\Users\Public\Desktop\Tradeo - MetaTrader 4.lnk" -> [ "C:\Program Files (x86)\Tradeo - MetaTrader 4\terminal.exe" ] (icon has been recovered)
[ OK ] 691 "C:\Users\SamSwanson\Desktop\Dashlane.lnk" -> [ "C:\Users\SamSwanson\AppData\Roaming\Dashlane\Dashlane.exe" ] (icon has been recovered)
[ OK ] 697 "C:\Users\SamSwanson\Desktop\Melodyne Studio 4.lnk" -> [ "C:\Program Files\Celemony\Melodyne Studio 4\Melodyne.exe" ] (Method RN-S) (OK)
[ OK ] 711 "C:\Users\SamSwanson\AppData\Roaming\REAPER\Data\REAPER (reset configuration to factory defaults).lnk" -> [ "C:\Program Files\REAPER\reaper.exe" ] (Method RN-S) (OK)
[ OK ] 735 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk" -> [ "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 736 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk" -> [ "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 737 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe" ] (icon has been recovered)
[ OK ] 738 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 800 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Litecoin Core\Uninstall Litecoin Core (64-bit).lnk" -> [ "C:\Program Files\Litecoin\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 808 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jack\Jack Control.lnk" -> [ "C:\Program Files (x86)\Jack\qjackctl.exe" ] (icon has been recovered)
[ OK ] 894 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" -> [ "C:\Program Files\Internet Explorer\iexplore.exe" ] (Method RN-S) (OK)
[ OK ] 895 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" -> [ "C:\Windows\System32\notepad.exe" ] (icon has been recovered)
[ OK ] 896 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk" -> [ "C:\Windows\System32\Magnify.exe" ] (icon has been recovered)
[ OK ] 897 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk" -> [ "C:\WINDOWS\system32\narrator.exe" ] (icon has been recovered)
[ OK ] 898 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk" -> [ "C:\Windows\System32\osk.exe" ] (icon has been recovered)
[ OK ] 906 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk" -> [ "C:\Program Files\Internet Explorer\iexplore.exe" ] (Method RN-S) (OK)
[ OK ] 913 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 915 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk" -> [ "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ] (icon has been recovered)
[ OK ] 944 "C:\ProgramData\Microsoft\Windows\Start Menu\SoundToys\Uninstall SoundToys 5.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 945 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk" -> [ "C:\Program Files (x86)\UnHackMe\GWebUpdate.exe" ] (Method RN-S) (OK)
[ OK ] 946 "C:\ProgramData\Microsoft\Windows\Start Menu\Lexicon\Uninstall Lexicon PCM Total Bundle.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 947 "C:\ProgramData\Microsoft\Windows\Start Menu\Synchro Arts\Uninstall Synchro Arts - Revoice Pro v3.1.1.3.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 948 "C:\ProgramData\Microsoft\Windows\Start Menu\Softube\Uninstall Softube - Drawmer S73 and Drawmer 1973.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 949 "C:\ProgramData\Microsoft\Windows\Start Menu\Softube\Uninstall Softube - Plug-Ins x64 v2.2.76.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 950 "C:\ProgramData\Microsoft\Windows\Start Menu\Sly-Fi Digital\Uninstall Sly-Fi Digital - Axis EQ 1.0.3.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 951 "C:\ProgramData\Microsoft\Windows\Start Menu\Sly-Fi Digital\Uninstall Sly-Fi Digital - Deflector 1.0.2.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 952 "C:\ProgramData\Microsoft\Windows\Start Menu\Sly-Fi Digital\Uninstall Sly-Fi Digital - Kaya 1.0.4.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 953 "C:\ProgramData\Microsoft\Windows\Start Menu\Slate Digital\Uninstall Slate Digital - Virtual Mix Rack 1.5.0.1.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 954 "C:\ProgramData\Microsoft\Windows\Start Menu\Relab\Uninstall Relab - LX480 Complete.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 955 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacDrive Pro Quick Start.lnk" -> [ "C:\Program Files\Mediafour\MacDrive 9\MDQuickStart.exe" ] (Method RN-S) (OK)
[ OK ] 956 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk" -> [ "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ] (Method RN-S) (OK)
[ OK ] 957 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnk" -> [ "C:\Program Files\Webroot\WRSA.exe" ] (Method RN-S) (OK)
[ OK ] 958 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam\Uninstall.lnk" -> [ "C:\Program Files (x86)\InstallShield Installation Information\{ED1674F5-5165-49BF-B546-AE5343111540}\setup.exe" ] (Method RN-S) (OK)
[ OK ] 959 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Uninstall Virtual Audio Cable.lnk" -> [ "C:\Program Files\Virtual Audio Cable\setup64.exe" ] (Method RN-S) (OK)
[ OK ] 960 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (Method RN-S) (OK)
[ OK ] 961 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (Method RN-S) (OK)
[ OK ] 962 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (Method RN-S) (OK)
[ OK ] 963 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk" -> [ "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 964 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk" -> [ "C:\Windows\System32\Taskmgr.exe" ] (Method RN-S) (OK)
[ OK ] 965 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite Spot Studios\AATranslator\Uninstall AATranslator.lnk" -> [ "C:\Windows\SysWOW64\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 967 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundRadix\Uninstall SoundRadix - Surfer EQ2 v2.0.1.0.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 968 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Manage Remote Computer's SoftEther VPN Client.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe" ] (Method RN-S) (OK)
[ OK ] 969 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Language Settings\Configure Display Language.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnsetup.exe" ] (Method RN-S) (OK)
[ OK ] 970 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\TCP Optimization Utility.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" ] (Method RN-S) (OK)
[ OK ] 971 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Debugging Information Collecting Tool.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe" ] (Method RN-S) (OK)
[ OK ] 972 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Easy Installer Creator.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnsetup.exe" ] (Method RN-S) (OK)
[ OK ] 973 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Network Traffic Speed Test Tool.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" ] (Method RN-S) (OK)
[ OK ] 974 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Administrative Tools\Web Installer Creator.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnsetup.exe" ] (Method RN-S) (OK)
[ OK ] 975 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (create new project).lnk" -> [ "C:\Program Files\REAPER (x64)\reaper.exe" ] (Method RN-S) (OK)
[ OK ] 976 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (reset configuration to factory defaults).lnk" -> [ "C:\Program Files\REAPER (x64)\reaper.exe" ] (Method RN-S) (OK)
[ OK ] 977 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (ReWire slave mode).lnk" -> [ "C:\Program Files\REAPER (x64)\reaper.exe" ] (Method RN-S) (OK)
[ OK ] 978 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (show audio configuration on startup).lnk" -> [ "C:\Program Files\REAPER (x64)\reaper.exe" ] (Method RN-S) (OK)
[ OK ] 979 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\IDLE (Python GUI).lnk" -> [ "C:\Python33\pythonw.exe" ] (Method RN-S) (OK)
[ OK ] 980 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Module Docs.lnk" -> [ "C:\Python33\pythonw.exe" ] (Method RN-S) (OK)
[ OK ] 981 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Uninstall Python.lnk" -> [ "C:\Windows\System32\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 982 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Xenon\Uninstall PSP Xenon.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Xenon\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 983 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP SpringBox 64bit\Uninstall PSP SpringBox 64bit.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP SpringBox\PSP SpringBox_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 984 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP PianoVerb2 64bit\Uninstall PSP PianoVerb2 64bit.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP PianoVerb2\PSP PianoVerb2_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 985 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\Uninstall PSP oldTimer 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP oldTimer 64bit\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 986 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP NobleQ 64bit\Uninstall PSP NobleQ 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP NobleQ 64bit\PSP NobleQ_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 987 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Neon 64bit\Uninstall PSP Neon 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Neon 64bit\PSP Neon_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 988 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP McQ 64bit\Uninstall PSP McQ 64bit.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP McQ\PSP McQ_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 989 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP MasterComp\Uninstall PSP MasterComp.lnk" -> [ "C:\Program Files\PSPaudioware\PSP MasterComp\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 990 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Echo 64bit\Uninstall PSP Echo 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Echo 64bit\PSP Echo_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 991 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP BussPressor 64bit\Uninstall PSP BussPressor 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP BussPressor 64bit\PSP BussPressor_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 992 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 85 64bit\Uninstall PSP 85 64bit.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP 85\PSP 85_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 993 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 608 MultiDelay 64bit\Uninstall PSP 608 MultiDelay 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 608 MultiDelay 64bit\PSP 608 MultiDelay_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 994 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 2Meters 64bit\Uninstall PSP 2Meters 64bit.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 2Meters 64bit\PSP 2Meters_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 995 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\Lexicon PSP 42 64bit\Uninstall Lexicon PSP 42 64bit.lnk" -> [ "C:\Program Files\VSTPlugIns\Lexicon PSP 42_64bit_uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 996 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso\Process Lasso.lnk" -> [ "C:\Program Files\Process Lasso\ProcessLassoLauncher.exe" ] (Method RN-S) (OK)
[ OK ] 997 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue\chipsounds\Generate logs.lnk" -> [ "C:\Program Files\Plogue\Aria\AriaReporter.exe" ] (Method RN-S) (OK)
[ OK ] 998 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk" -> [ "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" ] (Method RN-S) (OK)
[ OK ] 1000 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Hotspot Admin\Uninstall.lnk" -> [ "C:\Windows\SysWOW64\SupportAppPBHostless Modem\Setup.exe" ] (Method RN-S) (OK)
[ OK ] 1001 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk" -> [ "C:\Program Files\Microsoft Office\Office15\INFOPATH.EXE" ] (Method RN-S) (OK)
[ OK ] 1002 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction\MTotalBundle64\Uninstall MTotalBundle64.lnk" -> [ "C:\Program Files\MeldaProduction\MTotalBundle64 8\setup.exe" ] (Method RN-S) (OK)
[ OK ] 1003 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction\MeldaProduction Audio Plugins\Uninstall Audio Plugins.lnk" -> [ "C:\Program Files\MeldaProduction\Audio Plugins 10\setup.exe" ] (Method RN-S) (OK)
[ OK ] 1004 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\Oxygen\Uninstall M-Audio Oxygen Driver.lnk" -> [ "C:\Windows\System32\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 1005 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Mouse and Keyboard\Mouse and Keyboard Settings.lnk" -> [ "C:\Program Files\Logitech\SetPointP\SetPoint.exe" ] (Method RN-S) (OK)
[ OK ] 1006 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kush\Uninstall Kush - Hammer DSP v1.0.0.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1007 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KD Niche Finder\Uninstall KD Niche Finder.lnk" -> [ "C:\Windows\KD Niche Finder\uninstall.exe" ] (Method RN-S) (OK)
[ OK ] 1008 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\DirectVobSub (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1009 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\ffdshow audio decoder (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1010 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\ffdshow VFW interface (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1011 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\ffdshow video decoder (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1012 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\Haali Media Splitter (x64).lnk" -> [ "C:\Program Files\K-Lite Codec Pack x64\Tools\dsconfig64.exe" ] (Method RN-S) (OK)
[ OK ] 1013 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\LAV Audio (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1014 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\LAV Splitter (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1015 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\LAV Video (x64).lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1016 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64\Configuration\Reset to recommended settings.lnk" -> [ "C:\Program Files\K-Lite Codec Pack x64\Tools\CodecTweakTool.exe" ] (Method RN-S) (OK)
[ OK ] 1017 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk" -> [ "C:\Windows\SysWOW64\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1018 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk" -> [ "C:\Windows\SysWOW64\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1019 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk" -> [ "C:\Windows\SysWOW64\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1020 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Haali Media Splitter.lnk" -> [ "C:\Windows\SysWOW64\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1021 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1022 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1023 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk" -> [ "C:\Windows\System32\rundll32.exe" ] (Method RN-S) (OK)
[ OK ] 1024 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk" -> [ "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" ] (Method RN-S) (OK)
[ OK ] 1025 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk" -> [ "C:\Program Files\Java\jre1.8.0_121\bin\javacpl.exe" ] (Method RN-S) (OK)
[ OK ] 1026 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk" -> [ "C:\Program Files\Java\jre1.8.0_121\bin\javacpl.exe" ] (Method RN-S) (OK)
[ OK ] 1027 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Update Manager\Intel(R) Update Manager.lnk" -> [ "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" ] (Method RN-S) (OK)
[ OK ] 1028 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer\Run HFSExplorer in Administrator mode.lnk" -> [ "C:\Program Files (x86)\HFSExplorer\hfsexplorer.exe" ] (Method RN-S) (OK)
[ OK ] 1029 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk\Google Talk.lnk" -> [ "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" ] (Method RN-S) (OK)
[ OK ] 1030 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk\Support\Google Talk Diagnostic Mode.lnk" -> [ "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" ] (Method RN-S) (OK)
[ OK ] 1031 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE\ET6\UnInstall.lnk" -> [ "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe" ] (Method RN-S) (OK)
[ OK ] 1032 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale NotePad 2012\User Manual.lnk" -> [ "C:\Program Files (x86)\Internet Explorer\iexplore.exe" ] (Method RN-S) (OK)
[ OK ] 1033 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio\Uninstall Exponential Audio - Nimbus v1.0.0.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1034 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exponential Audio\Uninstall Exponential Audio - R2 Stereo Reverb v3.0.2.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1035 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Empirical Labs\Uninstall Empirical Labs - Arousor v1.0.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1036 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eiosis\Uninstall Eiosis - E2Deesser v1.0.3.1.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1037 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk" -> [ "C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe" ] (Method RN-S) (OK)
[ OK ] 1038 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk" -> [ "C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe" ] (Method RN-S) (OK)
[ OK ] 1039 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion\DisplayFusion Desktop Wallpaper.lnk" -> [ "C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe" ] (Method RN-S) (OK)
[ OK ] 1040 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion\DisplayFusion Monitor Configuration.lnk" -> [ "C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe" ] (Method RN-S) (OK)
[ OK ] 1041 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion\DisplayFusion Settings.lnk" -> [ "C:\Program Files (x86)\DisplayFusion\DisplayFusionCommand.exe" ] (Method RN-S) (OK)
[ OK ] 1042 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\BigClickCracked78Demo.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1043 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Demo1.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1044 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\DSS Demo.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1045 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Female Child Voice ID Test Sentence High Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1046 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Female Child Voice ID Test Sentence Low Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1047 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Female Voice ID Test Sentence - High Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1048 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Female Voice ID Test Sentence - Low Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1049 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\ForensicsDemo.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1050 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\HissBurstDemo.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1051 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Male Voice ID Test Sentence - High Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1052 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\Male Voice ID Test Sentence - Low Quality.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1053 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diamond Cut Audio\Demo Wave Files\RadioDemo.lnk" -> [ "C:\Program Files (x86)\Diamond Cut Productions\DCForensics8\DCForensics8.exe" ] (Method RN-S) (OK)
[ OK ] 1054 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Firewall\Add and Remove components.lnk" -> [ "C:\Windows\System32\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 1055 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Firewall\COMODO Firewall.lnk" -> [ "C:\Program Files\COMODO\COMODO Internet Security\cistray.exe" ] (Method RN-S) (OK)
[ OK ] 1056 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite\Carbonite.lnk" -> [ "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" ] (Method RN-S) (OK)
[ OK ] 1057 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite\Uninstall Carbonite.lnk" -> [ "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe" ] (Method RN-S) (OK)
[ OK ] 1058 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid\Pro Tools\Documentation.lnk" -> [ "C:\Windows\SysWOW64\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1059 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid\Mbox\Uninstall Avid Mbox Driver.lnk" -> [ "C:\Windows\System32\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 1060 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk" -> [ "C:\Windows\System32\compmgmt.msc" ] (Method RN-S) (OK)
[ OK ] 1061 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk" -> [ "C:\Windows\System32\eventvwr.msc" ] (Method RN-S) (OK)
[ OK ] 1062 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk" -> [ "C:\Windows\System32\perfmon.msc" ] (Method RN-S) (OK)
[ OK ] 1063 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk" -> [ "C:\Windows\System32\perfmon.exe" ] (Method RN-S) (OK)
[ OK ] 1064 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk" -> [ "C:\WINDOWS\system32\secpol.msc" ] (Method RN-S) (OK)
[ OK ] 1065 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk" -> [ "C:\Windows\System32\taskschd.msc" ] (Method RN-S) (OK)
[ OK ] 1066 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Activate Acronis Startup Recovery Manager.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1067 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Add New Disk.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1068 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Clone Disk.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1069 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\DriveCleanser.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1070 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Manage Acronis Secure Zone.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1071 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\System Clean-up.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1072 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Try&Decide.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe" ] (Method RN-S) (OK)
[ OK ] 1073 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk" -> [ "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" ] (Method RN-S) (OK)
[ OK ] 1074 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk" -> [ "C:\Windows\Speech\Common\sapisvr.exe" ] (Method RN-S) (OK)
[ OK ] 1075 "C:\ProgramData\Microsoft\Windows\Start Menu\McDSP\Uninstall McDSP - 6020 Ultimate EQ v6.1.0.8.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1076 "C:\ProgramData\Microsoft\Windows\Start Menu\McDSP\Uninstall McDSP - 6050 Ultimate Channel Strip v6.2.0.10.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1077 "C:\ProgramData\Microsoft\Windows\Start Menu\McDSP\Uninstall McDSP - FutzBox v6.1.0.8.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1078 "C:\ProgramData\Microsoft\Windows\Start Menu\McDSP\Uninstall McDSP - ML4000 v6.1.0.8.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1079 "C:\ProgramData\Microsoft\Windows\Start Menu\McDSP\Uninstall McDSP - SA-2 Dialog Processor v6.1.0.8.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1080 "C:\ProgramData\Microsoft\Windows\Start Menu\MathewLane\Uninstall Mathew Lane - StereoDelta v1.1.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1081 "C:\ProgramData\Microsoft\Windows\Start Menu\Kush\Uninstall Kush - Electra-DSP v1.0.2.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1082 "C:\ProgramData\Microsoft\Windows\Start Menu\Kush\Uninstall Kush - Pusher v1.0.9.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1083 "C:\ProgramData\Microsoft\Windows\Start Menu\Kush\Uninstall Kush - Transformer Model A and N v1.0.4.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1084 "C:\ProgramData\Microsoft\Windows\Start Menu\Exponential Audio\Uninstall Excalibur v1.0.5.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1085 "C:\ProgramData\Microsoft\Windows\Start Menu\Exponential Audio\Uninstall PhoenixVerb Stereo Reverb v2.1.3.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1086 "C:\ProgramData\Microsoft\Windows\Start Menu\Eventide\Uninstall Eventide - Anthology X v1.0.4.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1087 "C:\ProgramData\Microsoft\Windows\Start Menu\Eventide\Uninstall Eventide - Blackhole v2.0.8.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1088 "C:\ProgramData\Microsoft\Windows\Start Menu\Eiosis\Uninstall Eiosis AirEQ Premium 1.1.1.3.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1089 "C:\ProgramData\Microsoft\Windows\Start Menu\Antares\Uninstall Antares - Auto-Tune v8.1.1.lnk" -> [ "C:\ProgramData\AudioUTOPiA\Uninstall64.exe" ] (Method RN-S) (OK)
[ OK ] 1092 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ "C:\WINDOWS\system32\WFS.exe" ] (Method RN-S) (OK)
[ OK ] 1093 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk" -> [ "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" ] (Method RN-S) (OK)
[ OK ] 1094 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1095 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1096 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1097 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1098 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1099 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1100 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1101 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1102 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk" -> [ "C:\Windows\System32\Taskmgr.exe" ] (Method RN-S) (OK)
[ OK ] 1103 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1104 "C:\Users\SamSwanson\Desktop\Slack.lnk" -> [ "C:\Users\SamSwanson\AppData\Local\slack\Update.exe" ] (Method RN-S) (OK)
[ OK ] 1105 "C:\Users\SamSwanson\AppData\Roaming\ZHP\Quarantine\QuickTime\QuickTime\Uninstall QuickTime.lnk" -> [ "C:\Windows\SysWOW64\msiexec.exe" ] (Method RN-S) (OK)
[ OK ] 1108 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies\Slack.lnk" -> [ "C:\Users\SamSwanson\AppData\Local\slack\Update.exe" ] (Method RN-S) (OK)
[ OK ] 1109 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nomad Factory\Uninstall NF VST 64-bit Installer.lnk" -> [ "C:\Program Files\Nomad Factory\uninstall_vst_64.exe" ] (Method RN-S) (OK)
[ OK ] 1110 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jack\Jack NetDriver.lnk" -> [ "C:\Program Files (x86)\Jack\jackd.exe" ] (Method RN-S) (OK)
[ OK ] 1111 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jack\Jack PortAudio.lnk" -> [ "C:\Program Files (x86)\Jack\jackd.exe" ] (Method RN-S) (OK)
[ OK ] 1113 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gizmo Central\Gizmo Manager.lnk" -> [ "C:\Program Files (x86)\Gizmo\gizmo.exe" ] (Method RN-S) (OK)
[ OK ] 1114 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gizmo Central\Uninstall.lnk" -> [ "C:\Program Files (x86)\Gizmo\gdirector.exe" ] (Method RN-S) (OK)
[ OK ] 1116 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk" -> [ "C:\Windows\System32\wfs.exe" ] (Method RN-S) (OK)
[ OK ] 1117 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk" -> [ "C:\Program Files (x86)\Skype\Phone\Skype.exe" ] (Method RN-S) (OK)
[ OK ] 1118 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk" -> [ "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" ] (Method RN-S) (OK)
[ OK ] 1120 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1121 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1122 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1123 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1124 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk" -> [ "C:\Windows\System32\control.exe" ] (Method RN-S) (OK)
[ OK ] 1125 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1126 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1127 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
[ OK ] 1128 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk" -> [ "C:\Windows\System32\Taskmgr.exe" ] (Method RN-S) (OK)
[ OK ] 1129 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk" -> [ "C:\Windows\explorer.exe" ] (Method RN-S) (OK)
.
[ATTR] 33 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk" -> [ "C:\Windows\System32\control.exe" ] (OK) (attribute system was removed)
[ATTR] 41 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk" -> [ "C:\Windows\PrintDialog\PrintDialog.exe" ] (OK) (attribute system was removed)
.
[DEL ] 8 "C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk" (target was not recovered)
[DEL ] 9 "C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk" (target was not recovered)
[DEL ] 30 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk" (target was not recovered)
[DEL ] 34 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KD Niche Finder.lnk" (target was not recovered)
[DEL ] 37 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk" (target was not recovered)
[DEL ] 155 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX\Nexus\Uninstall Nexus.lnk" (target was not recovered)
[DEL ] 225 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overloud\Mark Studio 2\Manual.lnk" (target was not recovered)
[DEL ] 226 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overloud\Mark Studio 2\Uninstall.lnk" (target was not recovered)
[DEL ] 346 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk" (target was not recovered)
[DEL ] 350 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk" (target was not recovered)
[DEL ] 351 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk" (target was not recovered)
[DEL ] 386 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KD Niche Finder\KD Niche Finder.lnk" (target was not recovered)
[DEL ] 415 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\RX 5 Audio Editor\iZotope RX 5 Help PDF.lnk" (target was not recovered)
[DEL ] 432 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Insight\Readme.lnk" (target was not recovered)
[DEL ] 435 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\BreakTweaker Factory Content\Uninstall iZotope BreakTweaker Factory Content.lnk" (target was not recovered)
[DEL ] 516 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4\Uninstall Driver Booster 4.lnk" (target was not recovered)
[DEL ] 537 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D16 Group\Repeater\Manual.lnk" (target was not recovered)
[DEL ] 584 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Assault\Head Crusher\Head Crusher - Manual.lnk" (target was not recovered)
[DEL ] 645 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" (target was not recovered)
[DEL ] 646 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk" (target was not recovered)
[DEL ] 647 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk" (target was not recovered)
[DEL ] 648 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" (target was not recovered)
[DEL ] 649 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk" (target was not recovered)
[DEL ] 654 "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" (target was not recovered)
[DEL ] 655 "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" (target was not recovered)
[DEL ] 656 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk" (target was not recovered)
[DEL ] 658 "C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk" (target was not recovered)
[DEL ] 686 "C:\Users\SamSwanson\Links\RecentPlaces.lnk" (target was not recovered)
[DEL ] 718 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SessionFiles.lnk" (target was not recovered)
[DEL ] 755 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" (target was not recovered)
[DEL ] 756 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk" (target was not recovered)
[DEL ] 757 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk" (target was not recovered)
[DEL ] 758 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" (target was not recovered)
[DEL ] 759 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk" (target was not recovered)
[DEL ] 784 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overloud\REmatrix\REmatrix.lnk" (target was not recovered)
[DEL ] 827 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake\Handbrake.lnk" (target was not recovered)
[DEL ] 908 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk" (target was not recovered)
[DEL ] 909 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk" (target was not recovered)
[DEL ] 911 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk" (target was not recovered)
[DEL ] 912 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk" (target was not recovered)
[DEL ] 914 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk" (target was not recovered)
[DEL ] 922 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk" (target was not recovered)
[DEL ] 923 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk" (target was not recovered)
[DEL ] 924 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Microsoft.XboxLIVEGames.lnk" (target was not recovered)
[DEL ] 925 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowsphotos_8wekyb3d8bbwe\Microsoft.WindowsLive.ModernPhotos.lnk" (target was not recovered)
[DEL ] 926 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk" (target was not recovered)
[DEL ] 927 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Chat.lnk" (target was not recovered)
[DEL ] 928 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk" (target was not recovered)
[DEL ] 929 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk" (target was not recovered)
[DEL ] 930 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk" (target was not recovered)
[DEL ] 931 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk" (target was not recovered)
[DEL ] 932 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.microsoftskydrive_8wekyb3d8bbwe\Microsoft.MicrosoftSkyDrive.lnk" (target was not recovered)
[DEL ] 933 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Camera_8wekyb3d8bbwe\Microsoft.Camera.lnk" (target was not recovered)
[DEL ] 934 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Bing_8wekyb3d8bbwe\Microsoft.Bing.lnk" (target was not recovered)
[DEL ] 935 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk" (target was not recovered)
[DEL ] 936 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk" (target was not recovered)
[DEL ] 937 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk" (target was not recovered)
[DEL ] 938 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk" (target was not recovered)
[DEL ] 939 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk" (target was not recovered)
[DEL ] 940 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk" (target was not recovered)
[DEL ] 941 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\KAYAK.com.KAYAKTravel_7wg9ew7ydej3j\App.lnk" (target was not recovered)
[DEL ] 942 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\E97CB0A1.LogitechCameraController_wd885nsp30hay\LogiDeviceApp.App.lnk" (target was not recovered)
[DEL ] 943 "C:\Users\SamSwanson\AppData\Local\Microsoft\Windows\Application Shortcuts\BarnesNoble.Nook_ahnzqzva31enc\App.lnk" (target was not recovered)
[DEL ] 1090 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk" (target was not recovered)
[DEL ] 1091 "C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk" (target was not recovered)
[DEL ] 1106 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk" (target was not recovered)
[DEL ] 1107 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk" (target was not recovered)
[DEL ] 1131 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect\Documentation.url"
[DEL ] 1132 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect\Updates.url"
[DEL ] 1133 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect\Links\Bryant McGill.url"
[DEL ] 1134 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller on the Web.url"
[DEL ] 1135 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP\Buy Real Hide IP.url"
[DEL ] 1136 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP\Real Hide IP Site.url"
[DEL ] 1137 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid SEO Tool\Blumentals Software Web Site.url"
[DEL ] 1138 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Native Instruments Homepage.url"
[DEL ] 1139 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag Website.url"
[DEL ] 1140 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction\MTotalBundle64\MTotalBundle website.url"
[DEL ] 1141 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MeldaProduction\MeldaProduction Audio Plugins\MeldaProduction website.url"
[DEL ] 1142 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url"
[DEL ] 1143 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url"
[DEL ] 1144 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion\DisplayFusion on the Web.url"
[DEL ] 1145 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url"
[DEL ] 1146 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\Get Involved.url"
[DEL ] 1147 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management\User Manual.url"
[DEL ] 1148 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\User's guide.url"
[DEL ] 1149 "C:\Users\SamSwanson\Favorites\Bing.url"
[DEL ] 1150 "C:\Users\SamSwanson\Favorites\The NeoSmart Files.url"
[DEL ] 1151 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zynaptiq\UNFILTER VST-x64 1.2.1\Web Page.url"
[DEL ] 1152 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zynaptiq\UNCHIRP VST-x64 1.0.0\UNCHIRP VST Web Page.url"
[DEL ] 1153 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zynaptiq\PITCHMAP VST-x64 1.6.1\Web Page.url"
[DEL ] 1154 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Home Page.url"
[DEL ] 1155 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sugar Bytes\Sugar Bytes Website.url"
[DEL ] 1156 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sample Magic\Magic AB VST-x64 1.2.2\Web Page.url"
[DEL ] 1157 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Native Instruments Homepage.url"
[DEL ] 1158 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser\Visit Maxthon Forum.url"
[DEL ] 1159 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\East West Stormdrum Intakt\Native Instruments Homepage.url"
[DEL ] 1160 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL"
.
[SKIP] 40 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk -> C:\Windows\Installer\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}\Professional.ico" (shortcut was not found)
[SKIP] 49 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt" (shortcut was not found)
[SKIP] 50 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt" (shortcut was not found)
[SKIP] 72 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Homepage.lnk -> C:\Program Files\Virtual Audio Cable\homepage.url" (shortcut was not found)
[SKIP] 73 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\License Agreement.lnk -> C:\Program Files\Virtual Audio Cable\license.txt" (shortcut was not found)
[SKIP] 74 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Readme.lnk -> C:\Program Files\Virtual Audio Cable\readme.txt" (shortcut was not found)
[SKIP] 76 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url" (shortcut was not found)
[SKIP] 77 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt" (shortcut was not found)
[SKIP] 78 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url" (shortcut was not found)
[SKIP] 82 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio\ASIO Bridge\Readme.LNK -> C:\Program Files (x86)\VB\ASIOBridge\readme.txt" (shortcut was not found)
[SKIP] 84 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unibrain ubCore\Documentation\ChangeLog.lnk -> C:\Program Files\Unibrain\ubCore\Readme.txt" (shortcut was not found)
[SKIP] 86 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\How to register.lnk -> C:\Program Files (x86)\UnHackMe\order.txt" (shortcut was not found)
[SKIP] 87 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Read me.lnk -> C:\Program Files (x86)\UnHackMe\readme.txt" (shortcut was not found)
[SKIP] 103 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy on the Web.lnk -> C:\Program Files\TeraCopy\TeraCopy.url" (shortcut was not found)
[SKIP] 115 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TC Electronic\M30 Reverb\License.lnk -> C:\Program Files (x86)\TC Electronic\M30 Reverb\Native\TCE_License.txt" (shortcut was not found)
[SKIP] 121 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.lnk -> C:\Windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C92.url" (shortcut was not found)
[SKIP] 123 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Snagit 11.lnk" (shortcut was not found)
[SKIP] 158 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER License and User Agreement.lnk -> C:\Program Files\REAPER (x64)\license.txt" (shortcut was not found)
[SKIP] 160 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\Whatsnew.txt.lnk -> C:\Program Files\REAPER (x64)\whatsnew.txt" (shortcut was not found)
[SKIP] 163 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Xenon\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP Xenon\EULA.txt" (shortcut was not found)
[SKIP] 165 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Xenon\PSP Xenon Version History.lnk -> C:\Program Files\PSPaudioware\PSP Xenon\PSP Xenon Version History.txt" (shortcut was not found)
[SKIP] 167 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP SpringBox 64bit\End User License Agreement.lnk -> C:\Program Files\VSTPlugIns\PSP SpringBox\EULA.txt" (shortcut was not found)
[SKIP] 169 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP SpringBox 64bit\PSP SpringBox Version History.lnk -> C:\Program Files\VSTPlugIns\PSP SpringBox\PSP SpringBox Version History.txt" (shortcut was not found)
[SKIP] 171 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP PianoVerb2 64bit\End User License Agreement.lnk -> C:\Program Files\VSTPlugIns\PSP PianoVerb2\EULA.txt" (shortcut was not found)
[SKIP] 173 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP PianoVerb2 64bit\PSP PianoVerb2 Version History.lnk -> C:\Program Files\VSTPlugIns\PSP PianoVerb2\PSP PianoVerb2 Version History.txt" (shortcut was not found)
[SKIP] 175 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP oldTimer 64bit\EULA.txt" (shortcut was not found)
[SKIP] 177 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\PSP oldTimer Version History.lnk -> C:\Program Files\PSPaudioware\PSP oldTimer 64bit\PSP oldTimer Version History.txt" (shortcut was not found)
[SKIP] 180 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP NobleQ 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP NobleQ 64bit\EULA.txt" (shortcut was not found)
[SKIP] 182 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP NobleQ 64bit\PSP NobleQ Version History.lnk -> C:\Program Files\PSPaudioware\PSP NobleQ 64bit\PSP NobleQ Version History.txt" (shortcut was not found)
[SKIP] 184 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Neon 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP Neon 64bit\EULA.txt" (shortcut was not found)
[SKIP] 186 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Neon 64bit\PSP Neon Version History.lnk -> C:\Program Files\PSPaudioware\PSP Neon 64bit\PSP Neon Version History.txt" (shortcut was not found)
[SKIP] 188 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP McQ 64bit\End User License Agreement.lnk -> C:\Program Files\VSTPlugIns\PSP McQ\EULA.txt" (shortcut was not found)
[SKIP] 190 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP McQ 64bit\PSP McQ Version History.lnk -> C:\Program Files\VSTPlugIns\PSP McQ\PSP McQ Version History.txt" (shortcut was not found)
[SKIP] 192 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP MasterComp\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP MasterComp\EULA.txt" (shortcut was not found)
[SKIP] 194 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP MasterComp\PSP MasterComp Version History.lnk -> C:\Program Files\PSPaudioware\PSP MasterComp\PSP MasterComp Version History.txt" (shortcut was not found)
[SKIP] 196 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Echo 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP Echo 64bit\EULA.txt" (shortcut was not found)
[SKIP] 198 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Echo 64bit\PSP Echo Version History.lnk -> C:\Program Files\PSPaudioware\PSP Echo 64bit\PSP Echo Version History.txt" (shortcut was not found)
[SKIP] 200 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP BussPressor 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP BussPressor 64bit\EULA.txt" (shortcut was not found)
[SKIP] 202 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP BussPressor 64bit\PSP BussPressor Version History.lnk -> C:\Program Files\PSPaudioware\PSP BussPressor 64bit\PSP BussPressor Version History.txt" (shortcut was not found)
[SKIP] 204 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 85 64bit\End User License Agreement.lnk -> C:\Program Files\VSTPlugIns\PSP 85\EULA.txt" (shortcut was not found)
[SKIP] 206 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 85 64bit\PSP 85 Version History.lnk -> C:\Program Files\VSTPlugIns\PSP 85\PSP 85 Version History.txt" (shortcut was not found)
[SKIP] 208 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 608 MultiDelay 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP 608 MultiDelay 64bit\EULA.txt" (shortcut was not found)
[SKIP] 210 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 608 MultiDelay 64bit\PSP 608 MultiDelay Version History.lnk -> C:\Program Files\PSPaudioware\PSP 608 MultiDelay 64bit\PSP 608 MultiDelay Version History.txt" (shortcut was not found)
[SKIP] 212 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 2Meters 64bit\End User License Agreement.lnk -> C:\Program Files\PSPaudioware\PSP 2Meters 64bit\EULA.txt" (shortcut was not found)
[SKIP] 214 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 2Meters 64bit\PSP 2Meters Version History.lnk -> C:\Program Files\PSPaudioware\PSP 2Meters 64bit\PSP 2Meters Version History.txt" (shortcut was not found)
[SKIP] 216 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\Lexicon PSP 42 64bit\End User License Agreement.lnk -> C:\Program Files\VSTPlugIns\EULA.txt" (shortcut was not found)
[SKIP] 218 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\Lexicon PSP 42 64bit\Lexicon PSP42 Version History.lnk -> C:\Program Files\VSTPlugIns\Lexicon PSP42 Version History.txt" (shortcut was not found)
[SKIP] 223 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue\chipsounds\Online Support.lnk -> C:\Program Files\Plogue\chipsounds\PlogueOnlineSupport.url" (shortcut was not found)
[SKIP] 229 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Visualizer1_9\NuGen Audio web-site.lnk -> C:\Program Files (x86)\NuGen Audio\Visualizer1_9\Internet shortcut.url" (shortcut was not found)
[SKIP] 233 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\VisLM\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\VisLM\Internet shortcut.url" (shortcut was not found)
[SKIP] 237 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoplacer3\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\Stereoplacer3\Internet shortcut.url" (shortcut was not found)
[SKIP] 241 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoizer3\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\Stereoizer3\Internet shortcut.url" (shortcut was not found)
[SKIP] 244 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ2 Master\NuGen Audio web-site.lnk -> C:\Program Files (x86)\NuGen Audio\SEQ2 Master\Internet shortcut.url" (shortcut was not found)
[SKIP] 247 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ1 Master\NuGen Audio web-site.lnk -> C:\Program Files (x86)\NuGen Audio\SEQ1 Master\Internet shortcut.url" (shortcut was not found)
[SKIP] 251 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ-S\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\SEQ-S\Internet shortcut.url" (shortcut was not found)
[SKIP] 256 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Monofilter4\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\Monofilter4\Internet shortcut.url" (shortcut was not found)
[SKIP] 259 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\ISL\NUGEN Audio web-site.lnk -> C:\Program Files\NUGEN Audio\ISL\Internet shortcut.url" (shortcut was not found)
[SKIP] 265 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Documentation\Readme.txt.lnk -> C:\Program Files (x86)\Native Instruments\Massive\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 267 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Readme.txt.lnk -> C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Readme.txt" (shortcut was not found)
[SKIP] 280 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Readme.txt.lnk -> C:\Program Files\Native Instruments\Service Center\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 290 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Guitar Rig 5\Documentation\Readme.txt.lnk -> C:\Program Files\Native Instruments\Guitar Rig 5\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 308 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\Documentation\Readme.txt.lnk -> C:\Program Files\Native Instruments\FM8\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 316 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Controller Editor\Documentation\Readme.txt.lnk -> C:\Program Files\Native Instruments\Controller Editor\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 325 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Absynth 5\Documentation\Readme.txt.lnk -> C:\Program Files\Native Instruments\Absynth 5\Documentation\Readme.txt" (shortcut was not found)
[SKIP] 329 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Version history.lnk -> C:\Program Files (x86)\Mp3tag\Mp3tagVersion.txt" (shortcut was not found)
[SKIP] 332 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MJUCjr\Changelog.lnk -> C:\Program Files\Klanghelm\MJUCjr\changelog.txt" (shortcut was not found)
[SKIP] 335 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MJUC\Changelog.lnk -> C:\Program Files\Klanghelm\MJUC\changelog.txt" (shortcut was not found)
[SKIP] 368 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio\Oxygen\ReadMe.txt.lnk -> C:\Program Files\M-Audio\Oxygen\ReadMe.txt" (shortcut was not found)
[SKIP] 379 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\Links\Link-AssistantCom Home Page.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO PowerSuite.url" (shortcut was not found)
[SKIP] 380 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\Links\Link-AssistantCom Support.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO PowerSuite Support.url" (shortcut was not found)
[SKIP] 407 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Vinyl\ Visit iZotope.lnk -> C:\Program Files (x86)\VSTPlugIns\Vinyl\izotope.url" (shortcut was not found)
[SKIP] 412 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Trash 2\Visit iZotope.lnk -> C:\Program Files\VSTPlugIns\Trash 2\izotope.url" (shortcut was not found)
[SKIP] 418 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\RX 5 Audio Editor\Visit iZotope.lnk -> C:\Program Files (x86)\iZotope\RX 5 Audio Editor\izotope.url" (shortcut was not found)
[SKIP] 426 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Ozone 6\Visit iZotope.lnk -> C:\Program Files (x86)\iZotope\Ozone 6\izotope.url" (shortcut was not found)
[SKIP] 430 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Nectar 2\Visit iZotope.lnk -> C:\Program Files (x86)\iZotope\Nectar 2\izotope.url" (shortcut was not found)
[SKIP] 434 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Insight\Visit iZotope.lnk -> C:\Program Files (x86)\iZotope\Insight\izotope.url" (shortcut was not found)
[SKIP] 438 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\BreakTweaker\Visit iZotope.lnk -> C:\Program Files (x86)\iZotope\BreakTweaker\izotope.url" (shortcut was not found)
[SKIP] 439 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVGI\Changelog.lnk -> C:\VSTPlugIns\IVGI\changelog.txt" (shortcut was not found)
[SKIP] 488 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HFSExplorer\Developer Web Site.lnk -> C:\Program Files (x86)\HFSExplorer\HFSExplorer.url" (shortcut was not found)
[SKIP] 507 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Marker\Go To Folder Marker's Website.lnk -> C:\Program Files (x86)\Folder Marker\FolderMarkerWebsite.url" (shortcut was not found)
[SKIP] 572 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid\Mbox\ReadMe.txt.lnk -> C:\Program Files\Avid\Mbox\ReadMe.txt" (shortcut was not found)
[SKIP] 583 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Ease\Altiverb 6\Troubleshooting\Altiverb 6 LOG.lnk -> C:\Users\SamSwanson\AppData\Roaming\Audio Ease\Altiverb 6.log" (shortcut was not found)
[SKIP] 619 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\True Image\Tools and Utilities\Bootable Rescue Media Builder.lnk" (shortcut was not found)
[SKIP] 708 "C:\Users\SamSwanson\AppData\Roaming\ZHP\Quarantine\QuickTime\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\RichText.ico" (shortcut was not found)
[SKIP] 709 "C:\Users\SamSwanson\AppData\Roaming\ZHP\Quarantine\QuickTime\QuickTime\PictureViewer.lnk -> C:\Windows\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\PictureViewer.ico" (shortcut was not found)
[SKIP] 710 "C:\Users\SamSwanson\AppData\Roaming\ZHP\Quarantine\QuickTime\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}\QTPlayer.ico" (shortcut was not found)
[SKIP] 731 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt" (shortcut was not found)
[SKIP] 732 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt" (shortcut was not found)
[SKIP] 745 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio\ASIO Bridge\Readme.LNK -> C:\Program Files (x86)\VB\ASIOBridge\readme.txt" (shortcut was not found)
[SKIP] 766 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk" (shortcut was not found)
[SKIP] 806 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kindle DRM Removal\Readme.lnk -> C:\Program Files (x86)\eBookConverter\Kindle DRM Removal\Readme.txt" (shortcut was not found)
[SKIP] 883 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWF MetaEdit\History.lnk -> C:\Program Files\BWF MetaEdit\History.txt" (shortcut was not found)
[SKIP] 885 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWF MetaEdit\Website.lnk -> C:\Program Files\BWF MetaEdit\BWF MetaEdit.url" (shortcut was not found)
[SKIP] 888 "C:\Users\SamSwanson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL Web Site.lnk -> C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url" (shortcut was not found)
[SKIP] 966 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\SoftEther VPN Client Manager Startup.lnk" (shortcut was not found)
.
[WARN] 1 "C:\ProgramData\Spectrasonics\STEAM.lnk" -> [ "S:\More VSTI\Spectrasonics.Omnisphere.2.DVDR.D1\STEAM\STEAM" ] (already cured)
[WARN] 3 "C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk" -> [ "C:\Users\SamSwanson\Documents" ] (already cured)
[WARN] 4 "C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk" -> [ "C:\Users\SamSwanson\Downloads" ] (already cured)
[WARN] 5 "C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk" -> [ "C:\Users\SamSwanson\Music" ] (already cured)
[WARN] 6 "C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk" -> [ "C:\Users\SamSwanson\Pictures" ] (already cured)
[WARN] 7 "C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk" -> [ "C:\Users\SamSwanson\Videos" ] (already cured)
[WARN] 10 "C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk" -> [ "C:\Users\SamSwanson" ] (already cured)
[WARN] 12 "C:\ProgramData\Microsoft\Windows\Start Menu\Rhyme Genie.lnk" -> [ "C:\Program Files (x86)\Idolumic\Rhyme Genie\Rhyme Genie.exe" ] (already cured)
[WARN] 13 "C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe" ] (already cured)
[WARN] 14 "C:\ProgramData\Microsoft\Windows\Start Menu\TuneSmith.lnk" -> [ "C:\Program Files (x86)\Idolumic\TuneSmith\TuneSmith.exe" ] (already cured)
[WARN] 15 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk" -> [ "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe" ] (already cured)
[WARN] 16 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS4.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe" ] (already cured)
[WARN] 17 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" ] (already cured)
[WARN] 18 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Device Central CS5\DeviceCentral.exe" ] (already cured)
[WARN] 19 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Utilities\ExtendScript Toolkit CS4\ExtendScript Toolkit.exe" ] (already cured)
[WARN] 20 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Utilities - CS5\ExtendScript Toolkit CS5\ExtendScript Toolkit.exe" ] (already cured)
[WARN] 21 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Extension Manager CS4\Adobe Extension Manager CS4.exe" ] (already cured)
[WARN] 22 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Extension Manager CS5\Adobe Extension Manager CS5.exe" ] (already cured)
[WARN] 23 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Media Encoder CS4\Adobe Media Encoder.exe" ] (already cured)
[WARN] 24 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk" -> [ "C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe" ] (already cured)
[WARN] 25 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5 64-bit.lnk" -> [ "C:\Program Files\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe" ] (already cured)
[WARN] 26 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk" -> [ "C:\Program Files (x86)\Adobe\Adobe Utilities\Pixel Bender Toolkit\pixel_bender_toolkit.exe" ] (already cured)
[WARN] 27 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmpegSVX.lnk" -> [ "C:\Program Files\VSTPlugIns\AmpegSVX.exe" ] (already cured)
[WARN] 28 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk" -> [ "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" ] (already cured)
[WARN] 29 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\atomiccleaner3.lnk" -> [ "C:\Program Files (x86)\atomicware\atomiccleaner3\atomiccleaner3.exe" ] (already cured)
[WARN] 31 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" -> [ "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ] (already cured)
[WARN] 32 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk" -> [ "C:\Program Files (x86)\iLok License Manager\iLok License Manager.exe" ] (already cured)
[WARN] 35 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk" -> [ "C:\Program Files (x86)\Market Samurai\Market Samurai.exe" ] (already cured)
[WARN] 36 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk" -> [ "C:\Program Files\Microsoft\Web Platform Installer\WebPlatformInstaller.exe" ] (already cured)
[WARN] 38 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk" -> [ "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ] (already cured)
[WARN] 39 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk" -> [ "C:\Program Files (x86)\MusicBrainz Picard\picard.exe" ] (already cured)
[WARN] 42 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk" -> [ "C:\Program Files (x86)\TeamViewer\TeamViewer.exe" ] (already cured)
[WARN] 43 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker.lnk" -> [ "C:\Program Files (x86)\Tracker\Tracker.exe" ] (already cured)
[WARN] 44 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk" -> [ "C:\Windows10Upgrade\Windows10UpgraderApp.exe" ] (already cured)
[WARN] 45 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zynaptiq\ADAPTIVERB\Manual.lnk" -> [ "C:\Program Files\Zynaptiq\ADAPTIVERB\Zynaptiq ADAPTIVERB Manual.pdf" ] (already cured)
[WARN] 46 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zynaptiq\ADAPTIVERB\Uninstall.lnk" -> [ "C:\Program Files\Zynaptiq\ADAPTIVERB\unins000.exe" ] (already cured)
[WARN] 48 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 18.0.lnk" -> [ "C:\Program Files\WinZip\WINZIP64.EXE" ] (already cured)
[WARN] 51 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk" -> [ "C:\Program Files\WinRAR\WinRAR.chm" ] (already cured)
[WARN] 52 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk" -> [ "C:\Program Files\WinRAR\WinRAR.exe" ] (already cured)
[WARN] 53 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\GPUView Help.lnk" -> [ "C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\gpuview\GPUView.chm" ] (already cured)
[WARN] 54 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\GPUView.lnk" -> [ "C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\gpuview\GPUView.exe" ] (already cured)
[WARN] 55 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Analyzer.lnk" -> [ "C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\wpa.exe" ] (already cured)
[WARN] 56 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Recorder.lnk" -> [ "C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\WPRUI.exe" ] (already cured)
[WARN] 57 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam\Webcam videocap.lnk" -> [ "C:\Program Files (x86)\ETRON\Webcam\x86\VideoCap.exe" ] (already cured)
[WARN] 58 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\CODEX.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\CODEX App.exe" ] (already cured)
[WARN] 59 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\Electric200.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\Electric200 App.exe" ] (already cured)
[WARN] 60 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\Electric88.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\Electric88 App.exe" ] (already cured)
[WARN] 61 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\Element.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\Element App.exe" ] (already cured)
[WARN] 62 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\eMotion LV1.lnk" -> [ "C:\Program Files (x86)\Waves\eMotion LV1\eMotion LV1.exe" ] (already cured)
[WARN] 63 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\GTR 3.5.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\GTR 3.5.exe" ] (already cured)
[WARN] 64 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\GTRSolo 3.5.lnk" -> [ "C:\Program Files (x86)\Waves\Applications\GTRSolo 3.5.exe" ] (already cured)
[WARN] 65 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\MultiRack SoundGrid.lnk" -> [ "C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe" ] (already cured)
[WARN] 66 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\MultiRack.lnk" -> [ "C:\Program Files (x86)\Waves\MultiRack\MultiRack.exe" ] (already cured)
[WARN] 67 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\SoundGrid Studio.lnk" -> [ "C:\Program Files (x86)\Waves\SoundGrid Studio\SoundGrid Studio.exe" ] (already cured)
[WARN] 68 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves\Uninstall.lnk" -> [ "C:\Program Files (x86)\Waves\unins000.exe" ] (already cured)
[WARN] 69 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Audio Repeater (KS).lnk" -> [ "C:\Program Files\Virtual Audio Cable\audiorepeater_ks.exe" ] (already cured)
[WARN] 70 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Audio Repeater (MME).lnk" -> [ "C:\Program Files\Virtual Audio Cable\audiorepeater.exe" ] (already cured)
[WARN] 71 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\Control panel.lnk" -> [ "C:\Program Files\Virtual Audio Cable\vcctlpan.exe" ] (already cured)
[WARN] 75 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable\User manual.lnk" -> [ "C:\Program Files\Virtual Audio Cable\vac.chm" ] (already cured)
[WARN] 79 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk" -> [ "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" ] (already cured)
[WARN] 80 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect\Verse Perfect.lnk" -> [ "C:\Program Files (x86)\VersePerfect\VersePerfect.exe" ] (already cured)
[WARN] 81 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio\ASIO Bridge\ASIO Bridge.LNK" -> [ "C:\Program Files (x86)\VB\ASIOBridge\VBCABLE_AsioBridge.exe" ] (already cured)
[WARN] 83 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unibrain ubCore\ubSwitch.lnk" -> [ "C:\Program Files\Unibrain\ubCore\Tools\ubSwitch.exe" ] (already cured)
[WARN] 85 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unibrain ubCore\Documentation\ubCore Manual.lnk" -> [ "C:\Program Files\Unibrain\ubCore\ubCore5_Manual.pdf" ] (already cured)
[WARN] 88 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Reanimator.lnk" -> [ "C:\Program Files (x86)\UnHackMe\reanimator.exe" ] (already cured)
[WARN] 89 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Start UnHackMe.lnk" -> [ "C:\Program Files (x86)\UnHackMe\Unhackme.exe" ] (already cured)
[WARN] 90 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\UnHackMe Monitor.lnk" -> [ "C:\Program Files (x86)\UnHackMe\hackmon.exe" ] (already cured)
[WARN] 91 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Uninstall UnHackMe.lnk" -> [ "C:\Program Files (x86)\UnHackMe\unins000.exe" ] (already cured)
[WARN] 92 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UAD Powered Plug-Ins\Documentation.lnk" -> [ "C:\Program Files (x86)\Universal Audio\Powered Plugins\Documentation" ] (already cured)
[WARN] 93 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UAD Powered Plug-Ins\Readme.lnk" -> [ "C:\Program Files (x86)\Universal Audio\Powered Plugins\ReadMe.rtf" ] (already cured)
[WARN] 94 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UAD Powered Plug-Ins\UAD Meter & Control Panel.lnk" -> [ "C:\Program Files (x86)\Universal Audio\Powered Plugins\UADPerfMon.exe" ] (already cured)
[WARN] 95 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk" -> [ "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe" ] (already cured)
[WARN] 96 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk" -> [ "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe" ] (already cured)
[WARN] 97 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk" -> [ "C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe" ] (already cured)
[WARN] 98 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4\MetaEditor.lnk" -> [ "C:\Program Files (x86)\Tradeo - MetaTrader 4\metaeditor.exe" ] (already cured)
[WARN] 100 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradeo - MetaTrader 4\Uninstall.lnk" -> [ "C:\Program Files (x86)\Tradeo - MetaTrader 4\uninstall.exe" ] (already cured)
[WARN] 101 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToneBoosters\Morphit\Uninstall.lnk" -> [ "C:\Program Files\ToneBoosters\Morphit\unins000.exe" ] (already cured)
[WARN] 102 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy Help.lnk" -> [ "C:\Program Files\TeraCopy\TeraCopy Help.chm" ] (already cured)
[WARN] 104 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\TeraCopy.lnk" -> [ "C:\Program Files\TeraCopy\TeraCopy.exe" ] (already cured)
[WARN] 105 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy\Uninstall TeraCopy.lnk" -> [ "C:\Program Files\TeraCopy\unins000.exe" ] (already cured)
[WARN] 106 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream\Wirecast\Support Assistant.lnk" -> [ "C:\Program Files\Telestream\Wirecast\SupportAssistant\WirecastSupportAssistant.exe" ] (already cured)
[WARN] 107 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream\Wirecast\Tutorial.lnk" -> [ "C:\Program Files\Telestream\Wirecast\rsrc\tutorial\intro_welcome.html" ] (already cured)
[WARN] 108 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream\Wirecast\Wirecast.lnk" -> [ "C:\Program Files\Telestream\Wirecast\Wirecast.exe" ] (already cured)
[WARN] 109 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream\Wirecast\Scripting\Documentation.lnk" -> [ "C:\Program Files\Telestream\Wirecast\rsrc\scriptdocs\index.html" ] (already cured)
[WARN] 110 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telestream\Wirecast\Scripting\Examples.lnk" -> [ "C:\Program Files\Telestream\Wirecast\rsrc\scriptingexamples" ] (already cured)
[WARN] 111 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Recorder 8.lnk" -> [ "C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe" ] (already cured)
[WARN] 112 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Camtasia Studio 8.lnk" -> [ "C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe" ] (already cured)
[WARN] 113 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Snagit 11 Editor.lnk" -> [ "C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe" ] (already cured)
[WARN] 114 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith\Snagit 11.lnk" -> [ "C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe" ] (already cured)
[WARN] 116 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TC Electronic\M30 Reverb\Uninstall.lnk" -> [ "C:\Program Files (x86)\TC Electronic\M30 Reverb\Native\Uninstall\Uninstall.exe" ] (already cured)
[WARN] 117 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename\Tag&Rename help.lnk" -> [ "C:\Program Files (x86)\TagRename\TagRename.chm" ] (already cured)
[WARN] 118 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename\Tag&Rename.lnk" -> [ "C:\Program Files (x86)\TagRename\TagRename.exe" ] (already cured)
[WARN] 120 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite Spot Studios\AATranslator\AATranslator.lnk" -> [ "C:\Program Files (x86)\Suite Spot Studios\AATranslator\AATranslator.exe" ] (already cured)
[WARN] 122 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk" -> [ "C:\Program Files (x86)\Steam\Steam.exe" ] (already cured)
[WARN] 124 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife\SSDlife Pro.lnk" -> [ "C:\Program Files (x86)\BinarySense\SSDlife\ssdlife.exe" ] (already cured)
[WARN] 125 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SONiVOX\SONiVOX VocalizerPro\Uninstall VocalizerPro.lnk" -> [ "C:\ProgramData\SONiVOX\VocalizerPro\unins000.exe" ] (already cured)
[WARN] 126 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarworks\Sonarworks\License agreement.lnk" -> [ "C:\Program Files (x86)\Sonarworks\Sonarworks HD reference\License_agreement_sonarworks.pdf" ] (already cured)
[WARN] 127 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarworks\Sonarworks\Sonarworks HD reference Help.lnk" -> [ "C:\Program Files (x86)\Sonarworks\Sonarworks HD reference\sonarworks.chm" ] (already cured)
[WARN] 130 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonalksis\Sonalksis Plugin Manager.lnk" -> [ "C:\Program Files (x86)\Sonalksis\Sonalksis Plugin Manager.exe" ] (already cured)
[WARN] 131 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Client Manager.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe" ] (already cured)
[WARN] 132 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\SoftEther VPN Command Line Utility (vpncmd).lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe" ] (already cured)
[WARN] 133 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\Services Running on this Computer.lnk" -> [ "C:\Windows\System32\services.msc" ] (already cured)
[WARN] 134 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client\Configuration Tools\Uninstall SoftEther VPN Client.lnk" -> [ "C:\Program Files\SoftEther VPN Client\vpnsetup.exe" ] (already cured)
[WARN] 135 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\Virtual Tape Machines\Uninstall Virtual Tape Machines.lnk" -> [ "C:\Program Files\Slate Digital\Virtual Tape Machines\unins000.exe" ] (already cured)
[WARN] 136 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\Virtual Tape Machines\Virtual Tape Machines User Guide.lnk" -> [ "C:\ProgramData\Slate Digital\Virtual Tape Machines\Slate Digital Virtual Tape Machines - User Guide.pdf" ] (already cured)
[WARN] 137 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\Virtual Buss Compressors\Uninstall Virtual Buss Compressors.lnk" -> [ "C:\Program Files\Slate Digital\Virtual Buss Compressors\unins000.exe" ] (already cured)
[WARN] 138 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\Virtual Buss Compressors\Virtual Buss Compressors Rack User Guide.lnk" -> [ "C:\ProgramData\Slate Digital\Virtual Buss Compressors Rack\Slate Digital Virtual Buss Compressors Rack - User Guide.pdf" ] (already cured)
[WARN] 139 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\VerbSuite Classics\Uninstall VerbSuite Classics.lnk" -> [ "C:\Program Files\Slate Digital\VerbSuite Classics\unins000.exe" ] (already cured)
[WARN] 140 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\VerbSuite Classics\VerbSuite Classics User Guide.lnk" -> [ "C:\ProgramData\Slate Digital\VerbSuite Classics\Slate Digital VerbSuite Classics - User Guide.pdf" ] (already cured)
[WARN] 141 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\FG-X Virtual Mastering Console\Uninstall FG-X.lnk" -> [ "C:\Program Files\Slate Digital\FG-X Virtual Mastering Console\unins000.exe" ] (already cured)
[WARN] 142 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slate Digital\FG-X\Uninstall FG-X.lnk" -> [ "C:\Program Files\Slate Digital\FG-X\unins000.exe" ] (already cured)
[WARN] 143 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk" -> [ "C:\Program Files (x86)\Skype\Phone\Skype.exe" ] (already cured)
[WARN] 144 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scuffham Amps S-GEAR\Un-install S-GEAR.lnk" -> [ "C:\ProgramData\Scuffham Amps\unins000.exe" ] (already cured)
[WARN] 145 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scuffham Amps S-GEAR\User manual.lnk" -> [ "C:\ProgramData\Scuffham Amps\S-Gear2\sgear_usermanual.pdf" ] (already cured)
[WARN] 146 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room EQ Wizard V5\ReadMe.lnk" -> [ "C:\Program Files (x86)\Room EQ Wizard V5\readme.html" ] (already cured)
[WARN] 147 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room EQ Wizard V5\Room EQ Wizard V5.lnk" -> [ "C:\Program Files (x86)\Room EQ Wizard V5\roomeqwizard.exe" ] (already cured)
[WARN] 148 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Room EQ Wizard V5\Uninstall.lnk" -> [ "C:\Program Files (x86)\Room EQ Wizard V5\Uninstall.exe" ] (already cured)
[WARN] 149 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk" -> [ "C:\Program Files\RogueKiller\RogueKiller64.exe" ] (already cured)
[WARN] 150 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk" -> [ "C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf" ] (already cured)
[WARN] 151 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk" -> [ "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ] (already cured)
[WARN] 152 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall Revo Uninstaller.lnk" -> [ "C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe" ] (already cured)
[WARN] 153 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk" -> [ "C:\Program Files (x86)\Resource Hacker\ResHacker.exe" ] (already cured)
[WARN] 154 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX\Nexus\NEXUS Manual English.lnk" -> [ "C:\Program Files\VSTPlugIns\Manual\Nexus 2 Manual English.pdf" ] (already cured)
[WARN] 156 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\ReaMote Slave (x64).lnk" -> [ "C:\Program Files\REAPER (x64)\reamote.exe" ] (already cured)
[WARN] 157 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64).lnk" -> [ "C:\Program Files\REAPER (x64)\reaper.exe" ] (already cured)
[WARN] 159 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\Uninstall REAPER (x64).lnk" -> [ "C:\Program Files\REAPER (x64)\Uninstall.exe" ] (already cured)
[WARN] 161 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Python (command line).lnk" -> [ "C:\Python33\python.exe" ] (already cured)
[WARN] 162 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3\Python Manuals.lnk" -> [ "C:\Python33\Doc\python330.chm" ] (already cured)
[WARN] 164 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Xenon\PSP Xenon Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Xenon\PSP Xenon Operation Manual.pdf" ] (already cured)
[WARN] 166 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Xenon\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Xenon\PSPaudioware.com.html" ] (already cured)
[WARN] 168 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP SpringBox 64bit\PSP SpringBox Operation Manual.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP SpringBox\PSP SpringBox Manual.pdf" ] (already cured)
[WARN] 170 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP SpringBox 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP SpringBox\PSPaudioware.com.html" ] (already cured)
[WARN] 172 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP PianoVerb2 64bit\PSP PianoVerb2 Operation Manual.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP PianoVerb2\PSP PianoVerb2 Manual.pdf" ] (already cured)
[WARN] 174 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP PianoVerb2 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP PianoVerb2\PSPaudioware.com.html" ] (already cured)
[WARN] 176 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\PSP oldTimer Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP oldTimer 64bit\PSP oldTimer Operation Manual.pdf" ] (already cured)
[WARN] 178 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\PSP oldTimerME Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP oldTimer 64bit\PSP oldTimerME Operation Manual.pdf" ] (already cured)
[WARN] 179 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP oldTimer 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP oldTimer 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 181 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP NobleQ 64bit\PSP NobleQ Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP NobleQ 64bit\PSP NobleQ Operation Manual.pdf" ] (already cured)
[WARN] 183 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP NobleQ 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP NobleQ 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 185 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Neon 64bit\PSP Neon Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Neon 64bit\PSP Neon Operation Manual.pdf" ] (already cured)
[WARN] 187 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Neon 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Neon 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 189 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP McQ 64bit\PSP McQ Operation Manual.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP McQ\PSP McQ Manual.pdf" ] (already cured)
[WARN] 191 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP McQ 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP McQ\PSPaudioware.com.html" ] (already cured)
[WARN] 193 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP MasterComp\PSP MasterComp Operation Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP MasterComp\PSP MasterComp.pdf" ] (already cured)
[WARN] 195 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP MasterComp\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP MasterComp\PSPaudioware.com.html" ] (already cured)
[WARN] 197 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Echo 64bit\PSP Echo Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Echo 64bit\PSP Echo.pdf" ] (already cured)
[WARN] 199 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP Echo 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP Echo 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 201 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP BussPressor 64bit\PSP BussPressor Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP BussPressor 64bit\PSP BussPressor Operation Manual.pdf" ] (already cured)
[WARN] 203 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP BussPressor 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP BussPressor 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 205 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 85 64bit\PSP 85 Operation Manual.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP 85\PSP 85 Operation Manual.pdf" ] (already cured)
[WARN] 207 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 85 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\VSTPlugIns\PSP 85\PSPaudioware.com.html" ] (already cured)
[WARN] 209 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 608 MultiDelay 64bit\PSP 608 MultiDelay Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 608 MultiDelay 64bit\PSP 608 MultiDelay Operation Manual.pdf" ] (already cured)
[WARN] 211 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 608 MultiDelay 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 608 MultiDelay 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 213 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 2Meters 64bit\PSP 2Meters Operation Manual.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 2Meters 64bit\PSP 2Meters Operation Manual.pdf" ] (already cured)
[WARN] 215 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\PSP 2Meters 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\PSPaudioware\PSP 2Meters 64bit\PSPaudioware.com.html" ] (already cured)
[WARN] 217 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\Lexicon PSP 42 64bit\Lexicon PSP42 Manual.lnk" -> [ "C:\Program Files\VSTPlugIns\Lexicon PSP42 Operation Manual.pdf" ] (already cured)
[WARN] 219 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware\Lexicon PSP 42 64bit\PSPaudioware Home Site.lnk" -> [ "C:\Program Files\VSTPlugIns\PSPaudioware.com.html" ] (already cured)
[WARN] 220 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso\Documentation\Documentation.lnk" -> [ "C:\Program Files\Process Lasso\PROCESSLASSO.CHM" ] (already cured)
[WARN] 221 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Server Edition\Primo Ramdisk Server Edition.lnk" -> [ "C:\Program Files\Primo Ramdisk Server Edition\FancyRd.exe" ] (already cured)
[WARN] 222 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Server Edition\Uninstall Primo Ramdisk Server Edition.lnk" -> [ "C:\Program Files\Primo Ramdisk Server Edition\unins000.exe" ] (already cured)
[WARN] 224 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plogue\chipsounds\Uninstall.lnk" -> [ "C:\Program Files\Plogue\chipsounds\unins000.exe" ] (already cured)
[WARN] 227 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk" -> [ "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe" ] (already cured)
[WARN] 228 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk" -> [ "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe" ] (already cured)
[WARN] 230 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Visualizer1_9\Uninstall Visualizer.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\Visualizer1_9\unins000.exe" ] (already cured)
[WARN] 231 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Visualizer1_9\Visualizer1_9 Manual.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\Visualizer1_9\Visualizer Manual.pdf" ] (already cured)
[WARN] 232 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\VisLM\Installation and Licensing Guide.lnk" -> [ "C:\Program Files\NUGEN Audio\VisLM\NUGEN Audio installation and licensing guide.pdf" ] (already cured)
[WARN] 234 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\VisLM\Uninstall VisLM.lnk" -> [ "C:\Program Files\NUGEN Audio\VisLM\unins000.exe" ] (already cured)
[WARN] 235 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\VisLM\VisLM Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\VisLM\VisLM manual.pdf" ] (already cured)
[WARN] 236 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoplacer3\Installation and Licensing Guide.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoplacer3\NUGEN Audio installation and licensing guide.pdf" ] (already cured)
[WARN] 238 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoplacer3\Stereoplacer3 Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoplacer3\Stereoplacer3 manual.pdf" ] (already cured)
[WARN] 239 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoplacer3\Uninstall Stereoplacer.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoplacer3\unins000.exe" ] (already cured)
[WARN] 240 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoizer3\Installation and Licensing Guide.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoizer3\NUGEN Audio installation and licensing guide.pdf" ] (already cured)
[WARN] 242 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoizer3\Stereoizer3 Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoizer3\Stereoizer3 manual.pdf" ] (already cured)
[WARN] 243 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Stereoizer3\Uninstall Stereoizer3.lnk" -> [ "C:\Program Files\NUGEN Audio\Stereoizer3\unins000.exe" ] (already cured)
[WARN] 245 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ2 Master\SEQ2 Master Manual.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\SEQ2 Master\SEQ2 Manual.pdf" ] (already cured)
[WARN] 246 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ2 Master\Uninstall SEQ2_Master.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\SEQ2 Master\unins000.exe" ] (already cured)
[WARN] 248 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ1 Master\SEQ1 Master Manual.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\SEQ1 Master\SEQ1 Manual.pdf" ] (already cured)
[WARN] 249 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ1 Master\Uninstall SEQ1_Master.lnk" -> [ "C:\Program Files (x86)\NuGen Audio\SEQ1 Master\unins000.exe" ] (already cured)
[WARN] 250 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ-S\Installation and Licensing Guide.lnk" -> [ "C:\Program Files\NUGEN Audio\SEQ-S\NUGEN Audio installation and licensing guide.pdf" ] (already cured)
[WARN] 252 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ-S\SEQ-S Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\SEQ-S\SEQ-S Manual.pdf" ] (already cured)
[WARN] 253 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\SEQ-S\Uninstall SEQ-S.lnk" -> [ "C:\Program Files\NUGEN Audio\SEQ-S\unins000.exe" ] (already cured)
[WARN] 254 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Monofilter4\Installation and Licensing Guide.lnk" -> [ "C:\Program Files\NUGEN Audio\Monofilter4\NUGEN Audio installation and licensing guide.pdf" ] (already cured)
[WARN] 255 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Monofilter4\Monofilter4 Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\Monofilter4\Monofilter4 manual.pdf" ] (already cured)
[WARN] 257 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\Monofilter4\Uninstall Monofilter4.lnk" -> [ "C:\Program Files\NUGEN Audio\Monofilter4\unins000.exe" ] (already cured)
[WARN] 258 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\ISL\ISL Manual.lnk" -> [ "C:\Program Files\NUGEN Audio\ISL\ISL Manual.pdf" ] (already cured)
[WARN] 260 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NuGen Audio\ISL\Uninstall ISL.lnk" -> [ "C:\Program Files\NUGEN Audio\ISL\unins000.exe" ] (already cured)
[WARN] 261 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 12\Nero 12.lnk" -> [ "C:\Program Files (x86)\Nero\Nero 12\Nero Launcher\NeroLauncher.exe" ] (already cured)
[WARN] 262 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Uninstall.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Massive\uninstall.exe" ] (already cured)
[WARN] 263 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Documentation\Massive Manual English.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Massive\Documentation\Massive Manual English.pdf" ] (already cured)
[WARN] 264 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Documentation\Massive Manual Spanish.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Massive\Documentation\Massive Manual Spanish.pdf" ] (already cured)
[WARN] 266 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive\Documentation\Welcome.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Massive\Documentation\Welcome.pdf" ] (already cured)
[WARN] 268 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual English.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual English.pdf" ] (already cured)
[WARN] 269 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual French.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual French.pdf" ] (already cured)
[WARN] 270 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual German.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual German.pdf" ] (already cured)
[WARN] 271 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual Spanish.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Manual Spanish.pdf" ] (already cured)
[WARN] 272 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide English.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide English.pdf" ] (already cured)
[WARN] 273 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide French.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide French.pdf" ] (already cured)
[WARN] 274 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide German.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide German.pdf" ] (already cured)
[WARN] 275 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide Spanish.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Elektrik Piano 1.5 Setup Guide Spanish.pdf" ] (already cured)
[WARN] 276 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\ElektrikPiano15Serial.html.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\ElektrikPiano15Serial.html" ] (already cured)
[WARN] 277 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Elektrik Piano 1.5\Documentation\Welcome.pdf.lnk" -> [ "C:\Program Files (x86)\Native Instruments\Elektrik Piano 1.5\Documentation\Welcome.pdf" ] (already cured)
[WARN] 278 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\ServiceCenter.exe" ] (already cured)
[WARN] 279 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\More Documentation.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation" ] (already cured)
[WARN] 281 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Service Center Manual English.pdf.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation\Service Center Manual English.pdf" ] (already cured)
[WARN] 282 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Service Center Manual French.pdf.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation\Service Center Manual French.pdf" ] (already cured)
[WARN] 283 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Service Center Manual German.pdf.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation\Service Center Manual German.pdf" ] (already cured)
[WARN] 284 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Service Center Manual Japanese.pdf.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation\Service Center Manual Japanese.pdf" ] (already cured)
[WARN] 285 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Documentation\Service Center Manual Spanish.pdf.lnk" -> [ "C:\Program Files\Native Instruments\Service Center\Documentation\Service Center Manual Spanish.pdf" ] (already cured)
[WARN] 286 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Massive\Massive.lnk" -> [ "C:\Program Files\Native Instruments\Massive\Massive.exe" ] (already cured)
[WARN] 287 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Kontakt 5\Kontakt 5.lnk" -> [ "C:\Program Files\Native Instruments\Kontakt 5\Kontakt 5.exe" ] (already cured)
[WARN] 288 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Guitar Rig 5\Guitar Rig 5.lnk" -> [ "C:\Program Files\Native Instruments\Guitar Rig 5\Guitar Rig 5.exe" ] (already cured)
[WARN] 289 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Guitar Rig 5\Documentation\More Documentation.lnk" -> [ "C:\Program Files\Native Instruments\Guitar Rig 5\Documentation" ] (already cured)
[WARN] 291 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\FM8.lnk" -> [ "C:\Program Files\Native Instruments\FM8\FM8.exe" ] (already cured)
[WARN] 292 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\Documentation\FM8 Getting Started English.pdf.lnk" -> [ "C:\Program Files\Native Instruments\FM8\Documentation\FM8 Getting Started English.pdf" ] (already cured)
[WARN] 293 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\Documentation\FM8 Getting Started French.pdf.lnk" -> [ "C:\Program Files\Native Instruments\FM8\Documentation\FM8 Getting Started French.pdf" ] (already cured)
[WARN] 294 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\Documentation\FM8 Getting Started German.pdf.lnk" -> [ "C:\Program Files\Native Instruments\FM8\Documentation\FM8 Getting Started German.pdf" ] (already cured)
[WARN] 295 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\Documentation\FM8 Getting Started Japanese.pdf.lnk" -> [ "C:\