
Successfully Removed a Possible ZeroAccess Rootkit but Need Help Confirming.


  • This topic is locked
62 replies to this topic

#1 ZiJie

ZiJie

  • Members
  • 66 posts
  • OFFLINE
  •  

Posted 24 April 2015 - 01:56 PM

Recently my laptop was infected by a possible ZeroAccess rootkit. After several hours I managed to boot my laptop in Safe Mode and use RogueKiller to remove it.

But I am not sure if I completely removed it and how to repair the damage done. My laptop takes a long time to boot up and can't download any files through a browser. Still it would become unresponsive whenever I clicked anything on the screen, programs, start, etc. when booting up normally. I thought it would be a good time to seek aid.

My laptop is a HP Envy, Windows 8.1, 16GB RAM with Intel i7 Processor, 64-bit OS.


Edited by ZiJie, 24 April 2015 - 11:22 PM.




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:46 AM

Posted 25 April 2015 - 12:09 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 ZiJie

ZiJie
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  

Posted 25 April 2015 - 12:18 PM

Unfortunately my laptop is now stuck in an automatic repair loop even if I try to boot in Safe Mode. It suddenly froze and I did a Forced Reboot and after that I got the loop.

Edited by ZiJie, 25 April 2015 - 12:30 PM.


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:46 AM

Posted 25 April 2015 - 12:43 PM

Please try this...

Step 1

Scan with FRST from the Recovery Environment

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 ZiJie

ZiJie
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  

Posted 25 April 2015 - 10:02 PM

Here is the log of the FRST scan.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by SYSTEM on MININT-8DIIA1F on 26-04-2015 10:48:48
Running from e:\
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Attention: Could not load system hive.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-01-17] (IvoSoft)
HKLM\...\Run: [RtsCM] => RTSCM64.EXE
HKLM\...\Run: [SysTrayApp] => C:\Program Files (x86)\IDT\WDM\sttray64.exe [1703424 2015-03-30] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tvncontrol] => C:\WINDOWS\Common Files (x86)\COMODO\GeekBuddyRSP.exe [2327248 2014-09-16] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2015-02-08] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-25] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-25] (Avast Software s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [273920 2015-03-10] (Microsoft Corporation)
HKU\StevenBong\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-18] (Google)
HKU\StevenBong\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\StevenBong\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981888 2015-04-20] ()
HKU\StevenBong\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\StevenBong\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-31] (SUPERAntiSpyware)
HKU\StevenBong\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe [1517224 2015-02-13] (SPEEDbit)
HKU\StevenBong\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-03-13] (Speedbit Ltd.)
HKU\StevenBong\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\StevenBong\...\Policies\Explorer: [NoInternetIcon] 1
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-26 10:46 - 2015-04-26 10:48 - 00000000 ____D () C:\FRST
2015-04-25 08:24 - 2015-04-25 08:24 - 00027400 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.dll
2015-04-25 08:24 - 2015-04-25 08:24 - 00024328 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2015-04-25 08:24 - 2015-04-25 08:24 - 00023272 _____ (COMODO CA Limited) C:\Windows\System32\certsentry.exe
2015-04-25 08:24 - 2015-04-25 08:24 - 00001109 _____ () C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-04-25 08:24 - 2015-04-25 08:24 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-25 07:40 - 2015-04-25 08:19 - 214041880 _____ (COMODO) C:\Users\StevenBong\Desktop\cav_installer_5951_60.exe
2015-04-25 07:12 - 2015-04-25 07:12 - 00007116 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-25 06:39 - 2015-04-25 05:30 - 00364472 _____ () C:\Windows\System32\aswBoot.exe
2015-04-25 05:39 - 2015-04-25 05:39 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-25 05:39 - 2015-04-25 05:39 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\AVAST Software
2015-04-25 05:38 - 2015-04-25 05:38 - 00356280 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-04-25 05:38 - 2015-04-25 05:38 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-25 05:38 - 2015-04-25 05:31 - 00442264 _____ () C:\Windows\System32\Drivers\aswSP.sys
2015-04-25 05:38 - 2015-04-25 05:31 - 00272248 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2015-04-25 05:38 - 2015-04-25 05:31 - 00137288 _____ () C:\Windows\System32\Drivers\aswStm.sys
2015-04-25 05:38 - 2015-04-25 05:30 - 00093528 _____ () C:\Windows\System32\Drivers\aswRdr2.sys
2015-04-25 05:38 - 2015-04-25 05:30 - 00089944 _____ () C:\Windows\System32\Drivers\aswMonFlt.sys
2015-04-25 05:38 - 2015-04-25 05:30 - 00065736 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2015-04-25 05:38 - 2015-04-25 05:30 - 00029168 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2015-04-25 05:38 - 2015-04-25 05:26 - 01047320 _____ () C:\Windows\System32\Drivers\aswSnx.sys
2015-04-25 05:29 - 2015-04-25 05:29 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-25 04:48 - 2015-04-25 04:48 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-25 04:44 - 2015-04-25 04:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-25 04:43 - 2015-04-25 04:44 - 05498080 _____ (Avast Software s.r.o.) C:\Users\StevenBong\Desktop\avast_free_antivirus_setup_online.exe
2015-04-25 01:57 - 2015-04-25 01:58 - 04578040 _____ (AVG Technologies) C:\Users\StevenBong\Desktop\avg_free_stb_all_2015_5315_ppc1.exe
2015-04-25 01:19 - 2015-04-25 01:41 - 116735282 _____ (Realtek Semiconductor Corp.) C:\Users\StevenBong\Desktop\0003-64bit_Win7_Win8_Win81_R276.exe
2015-04-24 23:33 - 2015-04-24 23:33 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-04-24 23:29 - 2015-04-24 23:32 - 18880096 _____ (Adlice Software ) C:\Users\StevenBong\Desktop\setup.exe
2015-04-24 20:17 - 2015-04-24 20:18 - 02099712 _____ (Farbar) C:\Users\StevenBong\Desktop\FRST64.exe
2015-04-24 17:55 - 2015-04-25 07:10 - 00025468 _____ () C:\Windows\PFRO.log
2015-04-24 16:14 - 2015-04-24 16:14 - 00000000 ____D () C:\$WINDOWS.~BT
2015-04-24 11:28 - 2015-04-25 06:18 - 00000693 _____ () C:\Windows\setupact.log
2015-04-24 11:28 - 2015-04-24 11:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-24 10:17 - 2015-04-24 10:17 - 00043664 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2015-04-24 10:17 - 2015-04-24 10:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-24 10:14 - 2015-04-25 04:54 - 00434075 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 10:12 - 2015-04-24 10:13 - 11028616 _____ (SurfRight B.V.) C:\Users\StevenBong\Desktop\HitmanPro_x64.exe
2015-04-24 10:09 - 2015-04-24 10:09 - 00038756 _____ () C:\Users\StevenBong\Documents\cc_20150425_020927.reg
2015-04-24 04:04 - 2015-04-24 04:04 - 00000000 __SHD () C:\found.000
2015-04-23 23:08 - 2015-04-23 23:08 - 00000000 ____D () C:\InstallShield
2015-04-23 22:53 - 2015-04-23 23:40 - 00000000 ____D () C:\Windows\pss
2015-04-23 21:59 - 2015-04-24 23:34 - 00037624 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2015-04-23 21:59 - 2015-04-23 22:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-23 21:51 - 2015-04-25 06:22 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_StevenBong
2015-04-23 10:58 - 2015-04-24 10:07 - 05619466 _____ (Swearware) C:\Users\StevenBong\Desktop\ComboFix.exe
2015-04-23 10:39 - 2015-04-23 10:39 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\StevenBong\Desktop\flashplayer17pp_fa_install.exe
2015-04-23 10:21 - 2015-04-23 10:21 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Opera Software
2015-04-23 10:21 - 2015-04-23 10:21 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Opera Software
2015-04-23 10:20 - 2015-04-23 10:20 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429813244
2015-04-23 10:20 - 2015-04-23 10:20 - 00001118 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-04-23 10:15 - 2015-04-23 19:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-23 10:14 - 2015-04-23 10:14 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-23 10:06 - 2015-04-23 10:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-04-23 10:06 - 2015-04-23 10:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-04-23 09:50 - 2015-04-25 06:56 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 09:50 - 2015-04-25 06:22 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 08:20 - 2015-04-23 23:37 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-04-23 05:18 - 2015-04-23 05:18 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\TuneUp Software
2015-04-23 05:03 - 2015-04-24 19:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-23 05:03 - 2015-04-23 05:03 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\MFAData
2015-04-23 05:01 - 2015-04-23 05:02 - 04818760 _____ (AVG Technologies) C:\Users\StevenBong\Desktop\avg_free_stb_all_5863p1_177.exe
2015-04-23 00:49 - 2015-04-23 09:19 - 00000000 ____D () C:\Program Files (x86)\CutterSystem
2015-04-23 00:48 - 2015-04-23 07:44 - 00000000 ____D () C:\Program Files (x86)\Sidebar for Google Search
2015-04-23 00:47 - 2015-04-23 07:31 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-23 00:46 - 2015-04-23 00:46 - 00000000 ____D () C:\ProgramData\oldakhhpbgmgigogbkdiedbgpeeimdai
2015-04-23 00:45 - 2015-04-23 00:45 - 00384000 _____ () C:\Users\StevenBong\Downloads\Download Patch 1.03 + Hotfix Pillars of Eternity_ Hero Edition-GOG Torrent - KickassTorrents (2).exe
2015-04-23 00:45 - 2015-04-23 00:45 - 00000000 ____D () C:\ProgramData\{7d973887-c79e-ad2b-7d97-73887c79e21f}
2015-04-23 00:42 - 2015-04-23 00:48 - 00000000 ____D () C:\ProgramData\12437344283165372498
2015-04-23 00:42 - 2015-04-23 00:42 - 00000000 ____D () C:\ProgramData\iohcbgdljaochdlfbldmihmagjeaddan
2015-04-23 00:41 - 2015-04-23 06:02 - 00000000 ____D () C:\ProgramData\{1f812659-6046-68ca-1f81-126596049965}
2015-04-22 10:53 - 2015-04-26 01:33 - 00000000 _____ () C:\Recovery.txt
2015-04-20 04:59 - 2015-04-20 04:59 - 00000095 _____ () C:\Users\StevenBong\Summoner's Legion.url
2015-04-14 20:17 - 2015-03-23 13:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-04-14 20:17 - 2015-03-23 13:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-14 20:17 - 2015-03-23 13:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll
2015-04-14 20:17 - 2015-03-23 13:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 20:17 - 2015-03-23 13:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-14 20:17 - 2015-03-19 20:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\System32\microsoft-windows-system-events.dll
2015-04-14 20:17 - 2015-03-19 20:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-04-14 20:17 - 2015-03-19 20:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-04-14 20:17 - 2015-03-19 19:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\System32\tracerpt.exe
2015-04-14 20:17 - 2015-03-19 18:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-14 20:17 - 2015-03-19 18:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2015-04-14 20:17 - 2015-03-19 18:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-14 20:17 - 2015-03-14 00:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-04-14 20:17 - 2015-03-14 00:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 20:17 - 2015-03-12 20:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-04-14 20:17 - 2015-03-12 20:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-04-14 20:17 - 2015-03-12 20:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-04-14 20:17 - 2015-03-12 19:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-04-14 20:17 - 2015-03-12 19:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-04-14 20:17 - 2015-03-12 19:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 20:17 - 2015-03-12 19:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 20:17 - 2015-03-12 19:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-04-14 20:17 - 2015-03-12 19:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 20:17 - 2015-03-12 19:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2015-04-14 20:17 - 2015-03-12 19:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-14 20:17 - 2015-03-12 19:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-04-14 20:17 - 2015-03-12 19:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-04-14 20:17 - 2015-03-12 19:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-04-14 20:17 - 2015-03-12 18:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2015-04-14 20:17 - 2015-03-12 18:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-14 20:17 - 2015-03-12 18:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 20:17 - 2015-03-12 18:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-04-14 20:17 - 2015-03-12 18:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 20:17 - 2015-03-12 18:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-14 20:17 - 2015-03-12 18:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 20:17 - 2015-03-12 18:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-04-14 20:17 - 2015-03-12 18:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-04-14 20:17 - 2015-03-12 18:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 20:17 - 2015-03-12 18:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 20:17 - 2015-03-12 18:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 20:17 - 2015-02-20 15:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\System32\lsm.dll
2015-04-14 20:16 - 2015-03-22 14:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-04-14 20:16 - 2015-03-22 14:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-04-14 20:16 - 2015-03-14 00:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-04-14 20:16 - 2015-03-13 17:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-04-14 20:16 - 2015-03-13 17:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-04-14 20:16 - 2015-03-13 17:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-04-14 20:16 - 2015-03-13 17:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-04-14 20:16 - 2015-03-13 17:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:16 - 2015-03-13 16:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-04-14 20:16 - 2015-03-13 16:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-04-14 20:16 - 2015-03-13 16:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-04-14 20:16 - 2015-03-13 16:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2015-04-14 20:16 - 2015-03-13 16:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2015-04-14 20:16 - 2015-03-13 16:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-04-14 20:16 - 2015-03-13 16:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-04-14 20:16 - 2015-03-13 16:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-04-14 20:16 - 2015-03-13 16:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:16 - 2015-03-13 16:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:16 - 2015-03-13 15:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:16 - 2015-03-13 15:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 20:16 - 2015-03-04 02:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2015-04-14 20:16 - 2015-03-03 19:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2015-04-14 20:16 - 2015-03-03 18:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 20:16 - 2015-02-24 00:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2015-04-14 09:09 - 2015-04-14 09:09 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-12 22:02 - 2015-04-12 22:02 - 00881368 _____ (Realtek ) C:\Windows\System32\Drivers\Rt630x64.sys
2015-04-12 22:02 - 2015-04-12 22:02 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2015-04-10 19:34 - 2015-04-10 19:35 - 00000000 ____D () C:\Users\StevenBong\Desktop\Heroes of Might and Magic V - Tribes Of The East
2015-04-07 08:56 - 2015-04-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Windows FontCache
2015-04-05 22:16 - 2015-04-25 01:42 - 00000000 ____D () C:\Program Files (x86)\Neverwinter_en
2015-04-03 22:05 - 2015-04-03 22:07 - 00000000 ___SD () C:\Windows\System32\GWX
2015-04-03 22:05 - 2015-04-03 22:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 01:01 - 2015-04-03 01:24 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Arc
2015-04-03 00:57 - 2015-04-25 01:37 - 00000000 ____D () C:\Program Files (x86)\Arc
2015-04-03 00:35 - 2015-04-03 00:35 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Blizzard Entertainment
2015-04-03 00:34 - 2015-04-03 00:35 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Battle.net
2015-04-03 00:34 - 2015-04-03 00:34 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Battle.net
2015-04-03 00:34 - 2015-04-03 00:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-03 00:34 - 2015-04-03 00:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-03 00:09 - 2015-04-03 00:09 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-30 10:34 - 2015-03-30 10:34 - 00644968 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorA.sys
2015-03-30 10:33 - 2015-03-30 10:34 - 00000000 ____D () C:\Program Files (x86)\IDT
2015-03-30 10:31 - 2015-03-30 10:31 - 02213376 _____ (IDT, Inc.) C:\Windows\System32\stapo64.dll
2015-03-30 10:31 - 2015-03-30 10:31 - 00697856 _____ (IDT, Inc.) C:\Windows\System32\stapi64.dll
2015-03-30 10:31 - 2015-03-30 10:31 - 00551936 _____ (IDT, Inc.) C:\Windows\System32\Drivers\stwrt64.sys
2015-03-30 10:31 - 2015-03-30 10:31 - 00499200 _____ (IDT, Inc.) C:\Windows\System32\stcplx64.dll
2015-03-30 10:31 - 2015-03-30 10:31 - 00256000 _____ (IDT, Inc.) C:\Windows\System32\st646492.dll
2015-03-30 10:30 - 2015-03-30 10:30 - 09101016 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\rtsuvc.sys
2015-03-30 10:30 - 2015-03-30 10:30 - 02628312 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCamU64.exe
2015-03-30 10:30 - 2015-03-30 10:30 - 00471768 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtCamX64.dll
2015-03-30 10:30 - 2015-03-30 10:30 - 00418008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtCamX.dll
2015-03-30 10:30 - 2015-03-30 10:30 - 00156888 _____ (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
2015-03-30 10:30 - 2015-03-30 10:30 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-30 10:30 - 2015-03-30 10:30 - 00000000 ____D () C:\Program Files (x86)\Synaptics
2015-03-30 10:29 - 2015-03-30 10:29 - 02514120 _____ (Ralink Technology, Corp.) C:\Windows\System32\Drivers\netr28x.sys
2015-03-30 10:29 - 2015-03-30 10:29 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\System32\RaCoInstx.dll
2015-03-30 10:29 - 2015-03-30 10:29 - 00031472 _____ (Synaptics Incorporated) C:\Windows\System32\Drivers\Smb_driver_Intel.sys
2015-03-30 10:29 - 2015-03-30 10:29 - 00013973 _____ () C:\Windows\System32\RaCoInst.dat
2015-03-30 10:28 - 2015-03-30 10:28 - 01795952 _____ (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01011.dll
2015-03-30 10:28 - 2015-03-30 10:28 - 01205448 _____ (Ralink Technology, Corp.) C:\Windows\System32\Drivers\rtbth.sys
2015-03-30 10:28 - 2015-03-30 10:28 - 00129312 _____ (Intel Corporation) C:\Windows\System32\Drivers\TeeDriverx64.sys
2015-03-30 10:28 - 2015-03-30 10:28 - 00040958 _____ () C:\Windows\System32\Drivers\rt3298.bin
2015-03-30 10:28 - 2015-03-30 10:28 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-03-30 10:27 - 2015-03-30 10:27 - 00455440 _____ (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys
2015-03-30 10:25 - 2015-03-30 10:25 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-03-30 10:25 - 2015-03-30 10:25 - 00788696 _____ (Realsil Semiconductor Corporation) C:\Windows\System32\Drivers\RtsPer.sys
2015-03-30 10:25 - 2015-03-30 10:25 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\System32\RtCRX64.dll
2015-03-30 09:56 - 2015-04-20 03:02 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-30 09:54 - 2015-04-25 06:23 - 00002882 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (StevenBong)
2015-03-30 09:54 - 2015-03-30 09:54 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-03-30 09:54 - 2015-03-30 09:54 - 00003240 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2015-03-30 09:54 - 2015-03-30 09:54 - 00003184 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2015-03-30 09:54 - 2015-03-30 09:54 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\IObit
2015-03-30 09:54 - 2015-03-30 09:54 - 00000000 ____D () C:\ProgramData\IObit
2015-03-30 09:54 - 2015-03-30 09:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-30 04:41 - 2015-03-30 04:41 - 00000000 ____D () C:\GOG Games
2015-03-29 06:38 - 2015-03-29 12:49 - 00001079 _____ () C:\Users\Public\Desktop\Internet Explorer 11.lnk
2015-03-29 06:38 - 2015-03-29 12:49 - 00000000 ____D () C:\Program Files (x86)\Internet Explorer 11
2015-03-27 21:43 - 2015-03-27 21:43 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\SKIDROW
2015-03-27 21:38 - 2015-03-27 21:38 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Sins of a Solar Empire - Rebellion
2015-03-27 21:32 - 2015-03-27 21:32 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 08:26 - 2015-01-09 03:24 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\ClassicShell
2015-04-25 08:24 - 2015-01-16 18:09 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Comodo
2015-04-25 07:40 - 2015-03-13 10:54 - 00001314 _____ () C:\Users\StevenBong\Desktop\My DAP Downloads.lnk
2015-04-25 07:39 - 2013-10-26 05:48 - 00000000 ____D () C:\ProgramData\Temp
2015-04-25 07:11 - 2014-11-10 17:46 - 00000000 ____D () C:\users\StevenBong
2015-04-25 07:10 - 2015-02-13 22:43 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-04-25 07:06 - 2015-01-09 08:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 06:24 - 2013-03-04 15:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2015-04-25 06:23 - 2013-10-26 05:42 - 00034752 _____ () C:\Windows\System32\Drivers\WPRO_41_2001.sys
2015-04-25 06:21 - 2013-10-26 05:42 - 00000272 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2015-04-25 06:21 - 2013-10-26 05:42 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2015-04-25 06:19 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 06:07 - 2014-04-16 19:29 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Dropbox
2015-04-25 05:03 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System32\sru
2015-04-25 04:51 - 2013-11-20 06:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1223779872-2193386940-3889843809-1002
2015-04-25 01:49 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2015-04-25 00:08 - 2015-01-16 12:54 - 00000000 _RSHD () C:\360SANDBOX
2015-04-25 00:07 - 2015-02-07 20:02 - 00000000 ____D () C:\Program Files (x86)\Assets Manager
2015-04-25 00:07 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\vpnplugins
2015-04-24 23:53 - 2015-01-16 14:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-24 20:23 - 2015-01-16 08:47 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\GarenaPlus
2015-04-24 20:23 - 2015-01-16 08:45 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-04-24 18:41 - 2012-07-26 00:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-04-24 10:05 - 2015-01-13 20:51 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\DAEMON Tools Lite
2015-04-24 01:37 - 2015-03-10 01:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-23 23:09 - 2015-01-31 18:43 - 00000000 ____D () C:\Users\StevenBong\Desktop\Games
2015-04-23 23:08 - 2014-03-03 21:32 - 00000000 ____D () C:\Program Files (x86)\Spectra Precision
2015-04-23 23:06 - 2014-04-21 17:54 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\360se6
2015-04-23 10:41 - 2014-07-24 06:33 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Adobe
2015-04-23 09:50 - 2013-11-21 04:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-23 09:50 - 2013-11-21 04:21 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-23 07:31 - 2015-02-03 05:20 - 00000000 ____D () C:\Program Files (x86)\AspInfo
2015-04-23 01:43 - 2015-01-16 12:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-21 00:54 - 2015-01-16 08:46 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-04-19 23:57 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2015-04-19 02:13 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-18 09:56 - 2015-01-21 07:11 - 00045270 _____ () C:\Users\StevenBong\AppData\Roaming\room_v3.dat
2015-04-16 02:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 22:00 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-15 11:53 - 2014-12-11 17:36 - 00000000 ____D () C:\Windows\System32\appraiser
2015-04-15 11:53 - 2014-09-24 01:58 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-04-14 21:41 - 2013-12-15 18:09 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-14 21:20 - 2013-11-23 23:11 - 128913832 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-14 21:19 - 2013-11-21 23:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 20:15 - 2014-11-11 18:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\wuaext.dll
2015-04-14 09:09 - 2015-01-09 08:08 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 15:24 - 2015-03-11 18:18 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 15:24 - 2015-03-11 18:18 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 21:47 - 2015-01-13 18:41 - 00000000 ____D () C:\New folder
2015-04-09 09:56 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\System32\config\BBI
2015-04-08 22:17 - 2015-01-16 13:53 - 00000916 _____ () C:\Users\StevenBong\Desktop\Hdfo.txt
2015-04-05 22:39 - 2015-03-12 11:39 - 00000000 ___HD () C:\ArcTemp
2015-04-03 00:57 - 2013-05-28 13:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-02 18:48 - 2015-01-16 18:11 - 01474832 _____ () C:\Windows\System32\Drivers\sfi.dat
2015-04-02 06:32 - 2014-09-15 22:49 - 00000200 _____ () C:\Windows\System32\Drivers\LOCK.SSP
2015-04-02 00:52 - 2015-03-12 19:32 - 00000000 ____D () C:\Program Files (x86)\Chromium Logging
2015-03-30 10:48 - 2015-01-09 05:22 - 00553632 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-03-30 10:31 - 2013-10-26 05:36 - 08153088 _____ (IDT, Inc.) C:\Windows\System32\IDTNHP.dll
2015-03-30 10:31 - 2013-10-26 05:36 - 08078848 _____ (IDT, Inc.) C:\Windows\System32\IDTNGUI.exe
2015-03-30 10:31 - 2013-10-26 05:36 - 06101504 _____ (IDT, Inc.) C:\Windows\System32\stlang64.dll
2015-03-30 10:31 - 2013-10-26 05:36 - 02230784 _____ (IDT, Inc.) C:\Windows\System32\IDTNX.dll
2015-03-30 10:31 - 2013-10-26 05:36 - 01897984 _____ (IDT, Inc.) C:\Windows\System32\IDTNC64.cpl
2015-03-30 10:31 - 2013-10-26 05:36 - 01703424 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2015-03-30 10:31 - 2013-10-26 05:36 - 00464384 _____ (SRS Labs, Inc.) C:\Windows\System32\slapoi64.dll
2015-03-30 10:31 - 2013-10-26 05:36 - 00253952 _____ (IDT, Inc.) C:\Windows\System32\IDTNJ.exe
2015-03-30 10:31 - 2013-10-26 05:36 - 00224768 _____ (IDT, Inc.) C:\Windows\System32\HPToneCtrls64.dll
2015-03-30 10:31 - 2013-10-26 05:36 - 00042508 _____ () C:\Windows\System32\DREAMWORKS.XML
2015-03-30 10:30 - 2013-03-19 13:21 - 03648400 _____ (Validity Sensors, Inc.) C:\Windows\System32\vcsAPIFORWBF.dll
2015-03-30 10:29 - 2014-11-10 17:39 - 00002834 _____ () C:\Windows\System32\RaCoInst.log
2015-03-27 21:43 - 2015-01-15 03:41 - 00000000 ____D () C:\Users\StevenBong\Documents\My Games
 
Some content of TEMP:
====================
C:\Users\StevenBong\AppData\Local\Temp\cabex.dll
C:\Users\StevenBong\AppData\Local\Temp\dllnt_dump.dll
C:\Users\StevenBong\AppData\Local\Temp\RunWizards.exe
C:\Users\StevenBong\AppData\Local\Temp\SetupUtils6.dll
C:\Users\StevenBong\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2015-03-10 22:58] - [2015-03-10 22:58] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
 
C:\Windows\System32\wininit.exe
[2015-03-10 22:55] - [2015-03-10 22:55] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
 
C:\Windows\explorer.exe
[2015-03-10 19:31] - [2015-01-27 15:47] - 2501368 ____A (Microsoft Corporation) C10A66189DC8C090E7C84873EDCEBC88
 
C:\Windows\SysWOW64\explorer.exe
[2015-03-10 19:31] - [2015-01-27 15:41] - 2207488 ____A (Microsoft Corporation) 91E24273FCA076EA9E65DAFA98901225
 
C:\Windows\System32\svchost.exe
[2015-03-10 22:54] - [2015-03-10 22:54] - 0038792 ____A (Microsoft Corporation) E3A2AD05E24105B35E986CF9CB38EC47
 
C:\Windows\SysWOW64\svchost.exe
[2015-03-10 22:54] - [2015-03-10 22:54] - 0033088 ____A (Microsoft Corporation) D0ABC231C0B3E88C6B612B28ABBF734D
 
C:\Windows\System32\services.exe
[2015-03-10 23:00] - [2015-03-10 23:00] - 0411128 ____A (Microsoft Corporation) 5BF02EBEFEDC706318C96E2E60EDCB91
 
C:\Windows\System32\User32.dll
[2015-03-10 23:03] - [2015-03-10 23:03] - 1540696 ____A (Microsoft Corporation) 25026E350BC3BE37631634EC72B10BD5
 
C:\Windows\SysWOW64\User32.dll
[2015-03-10 23:03] - [2015-03-10 23:03] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
 
C:\Windows\System32\userinit.exe
[2015-03-10 22:52] - [2015-03-10 22:52] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
 
C:\Windows\SysWOW64\userinit.exe
[2015-03-10 22:53] - [2015-03-10 22:53] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
 
C:\Windows\System32\rpcss.dll
[2015-03-10 23:01] - [2015-03-10 23:01] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-25 04:48:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16316.02 MB
Available physical RAM: 15301.15 MB
Total Pagefile: 16316.02 MB
Available Pagefile: 15324.49 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:905.34 GB) (Free:698.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.96 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (ALPHARIUS) (Removable) (Total:15.71 GB) (Free:14.37 GB) FAT32
Drive f: () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 15.7 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2015-04-25 04:52
 
==================== End Of Log ============================


#6 deeprybka


Posted 26 April 2015 - 08:09 AM

Please download the fixlist to your flash drive and save it in the same directory as FRST.
 
Start FRST again (like for the scan before) and press the FIX Button.

Afterwards restart your computer. Does it boot normally into Windows again?

 

Attached File  fixlist.txt   106bytes   8 downloads


regards,
deeprybka

#7 ZiJie


Posted 26 April 2015 - 11:30 AM

Unfortunately no, my laptop is still stuck in the loop. Here is the log:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by SYSTEM at 2015-04-27 00:23:36 Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [273920 2015-03-10] (Microsoft Corporation)
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
 
==== End of Fixlog 00:23:37 ====


#8 deeprybka


Posted 26 April 2015 - 03:29 PM

Hi there,

Step 1


Please download the fixlist to your flash drive and save it in the same directory as FRST.
Start FRST again (like for the fix above) and press the FIX Button again.

 

Attached File  fixlist.txt   29bytes   11 downloads

 

 


regards,
deeprybka

#9 ZiJie


Posted 26 April 2015 - 10:29 PM

Awesome, my laptop has successfully managed to boot into Safe Mode, waiting for further instructions.



#10 deeprybka


Posted 27 April 2015 - 04:35 AM

Hi there,
can you boot in normal mode as well?
regards,
deeprybka

#11 ZiJie


Posted 27 April 2015 - 06:40 AM

Yes, I can. It takes about a minute or two, which is fine. But it is still slow after that. Shutting down is also rather slow.

Edited by ZiJie, 27 April 2015 - 06:49 AM.


#12 deeprybka


Posted 27 April 2015 - 07:03 AM

Ok, then run a scan with FRST in normal mode and post the logs please. :)
regards,
deeprybka

#13 ZiJie


Posted 27 April 2015 - 09:32 AM

Well, I scanned and got 2 logs:

Log 1

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015

Ran by StevenBong (administrator) on EMPEROR on 27-04-2015 21:29:34
Running from F:\
Loaded Profiles: StevenBong (Available profiles: StevenBong)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions, Inc.) C:\Windows\Common Files (x86)\COMODO\launcher_service.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files (x86)\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Windows\Common Files (x86)\COMODO\GeekBuddyRSP.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Windows\System32\valWBFPolicyService.exe
(SPEEDbit) C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(IDT, Inc.) C:\Program Files (x86)\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2015-01-18] (IvoSoft)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [156888 2015-03-31] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files (x86)\IDT\WDM\sttray64.exe [1703424 2015-03-31] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-11] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tvncontrol] => C:\WINDOWS\Common Files (x86)\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2015-02-09] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-26] (Razer Inc.)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9981888 2015-04-20] ()
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe [1517224 2015-02-13] (SPEEDbit)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-03-14] (Speedbit Ltd.)
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\MountPoints2: {9d5c4f0a-9ba8-11e4-befa-8056f249927c} - "E:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-10-26]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-01-17]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\COMODO\GeekBuddy\launcher.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=617&src=ds&p={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4825-154355-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=617&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4825-154355-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429779031&from=wpc&uid=ST1000LM024XHN-M101MBB_S2Y9J9AD802491&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429779031&from=wpc&uid=ST1000LM024XHN-M101MBB_S2Y9J9AD802491&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {80EAD37A-9CDE-4242-8ACB-E8957ADBC8CB} URL = http://search.findwide.com/serp?guid={4EAA76F7-804B-4BE8-A7E6-DAFA93B2CD03}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {82881C54-9059-4FF1-9FDF-7A25045FB023} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11185
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=107&itype=n&ver=15586&tm=617&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=20041099_cb
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {BA53668F-9D86-4F7B-A091-1CD338BBE884} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=20041099_cb
SearchScopes: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/4825-154355-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll [2014-08-25] (Shenzhen QVOD Technology Co.,Ltd)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-04-09] (Perfect World Entertainment Inc)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll [2015-03-14] (Speedbit Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-10] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - No Name - {BE36B6EB-4818-4751-8AE4-E533B5A972C9} -  No File
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - No Name - {BE36B6EB-4818-4751-8AE4-E533B5A972C9} -  No File
DPF: HKLM-x32 {F439C439-7EF6-11D7-88CF-005004D86CD8} https://www.eperolehan.com.my/ocx/EG.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Winsock: Catalog9 01 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 03 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 04 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 05 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 06 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 07 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 08 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Winsock: Catalog9 20 C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll [177320 2015-02-13] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9D868A01-0F43-4BC7-9CC9-7C4A71DB678E}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @pps.tv/npWebPlayer -> C:\Program Files (x86)\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-08] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-04-09] (Perfect World Entertainment Inc)
FF Plugin-x32: @pps.tv/npWebPlayer -> C:\Program Files (x86)\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-24] (Google Inc.)
FF Plugin-x32: @xigua.com/npxgax -> C:\Program Files\xigua\npxgax.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1223779872-2193386940-3889843809-1002: @citrixonline.com/appdetectorplugin -> C:\Users\StevenBong\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-1223779872-2193386940-3889843809-1002: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKU\S-1-5-21-1223779872-2193386940-3889843809-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\StevenBong\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1223779872-2193386940-3889843809-1002: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF SearchPlugin: C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\searchplugins\yahoo-1.xml [2015-02-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-04-24]
FF Extension: SaLePlus - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\6shX@i.net [2015-04-23]
FF Extension: SalePluos - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\9eUi@5.net [2015-04-23]
FF Extension: bestadblocker - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\BX5ZOkJt@ak.net [2015-04-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\adblockpopups@jessehakanen.net.xpi [2015-02-03]
FF Extension: AdBlock Lite - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2015-02-03]
FF Extension: Adblock Plus - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-29]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2015-02-13]
FF HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2015-02-13]
FF Extension: No Name - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\extensions\sweetsearch@gmail.com [Not Found]
FF Extension: No Name - C:\Users\StevenBong\AppData\Roaming\Mozilla\Firefox\Profiles\7ras3ktv.default-1422433950253\extensions\avg@toolbar [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2015-03-14]
CHR Extension: (Bookmark Manager) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (Website Logon) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2015-03-01]
CHR Extension: (Sidebar for Google Search) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jbhiigbgcmeeknmajflllpcllcccheeb [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
CHR Extension: (Google Wallet) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\StevenBong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\StevenBong\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-24]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2014-12-26] (Adobe Systems) [File not signed]
S2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1443704 2013-05-28] (Flexera Software LLC)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88584 2015-04-09] (Perfect World Entertainment Inc)
S4 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe [64008 2014-10-28] (百度在线网络技术(北京)有限公司)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-02-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-11] (IVT Corporation) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-11] (Microsoft Corporation)
R2 CLPSLauncher; C:\WINDOWS\Common Files (x86)\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
R2 FontCache_R1; C:\Program Files (x86)\Windows FontCache\R1\FontCache.exe [3751000 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-08] (HP)
R2 GeekBuddyRSP; C:\WINDOWS\Common Files (x86)\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-05-30] (SafeNet Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-28] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-02] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-23] (Intel Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3398544 2014-11-11] (INCA Internet Co., Ltd.)
S3 QiyiService; C:\Program Files (x86)\IQIYI Video\PStyle\QiyiService.exe [460224 2014-12-12] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 STacSV; C:\Program Files (x86)\IDT\WDM\STacSV64.exe [339968 2015-03-31] (IDT, Inc.) [File not signed]
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2013-03-20] () [File not signed]
R2 VideoAcceleratorService; C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe [298152 2015-02-13] (SPEEDbit)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-12] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files (x86)\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files (x86)\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [1478144 2015-03-11] (Microsoft Corporation)
S2 392f5ca0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\CutterSystem\CutterSystem.dll",serv
S3 Wmkcd; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\jeoslfz.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [128584 2014-12-05] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [317000 2014-11-04] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [344648 2014-12-23] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [181320 2014-12-25] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-09-23] (360.cn)
S3 akshasp; C:\Windows\system32\DRIVERS\akshasp.sys [60488 2014-05-30] (SafeNet Inc.)
S3 akshhl; C:\Windows\system32\DRIVERS\akshhl.sys [63944 2014-05-30] (SafeNet Inc.)
S3 aksusb; C:\Windows\system32\DRIVERS\aksusb.sys [303624 2014-05-30] (SafeNet Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180808 2014-11-07] (360.cn)
S4 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [174416 2014-10-28] (Baidu)
S4 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [190280 2014-10-28] (Baidu)
S2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [87368 2014-10-28] (Baidu Technology)
R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [227656 2014-10-28] (Baidu)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-16] (IVT Corporation)
U4 BthAvrcpTg; No ImagePath
U4 bthhfhid; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-20] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-27] (Ralink Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2015-01-18] (Windows ® Win 7 DDK provider)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [122440 2014-10-16] (360.cn)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-14] (Disc Soft Ltd)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331608 2014-05-30] (SafeNet Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-04-25] ()
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-31] (REALiX™)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-14] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-14] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-14] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-03-31] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-03-31] (Ralink Technology, Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-03-31] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9101016 2015-03-31] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-04] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SENT64; C:\Windows\System32\Drivers\sent64.sys [34632 2013-11-20] (SafeKey International, Inc.) [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2015-03-31] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-04-25] ()
S3 utdrv; C:\Windows\system32\drivers\utdrv.sys [26664 2013-03-29] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-27] ()
U4 CmdAgent; No ImagePath
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 X6va029; \??\C:\WINDOWS\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-28 03:23 - 2015-04-28 03:23 - 00000000 ____D () C:\WINDOWS\system32\config\HiveBackup
2015-04-27 21:16 - 2015-04-27 21:16 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-04-27 19:46 - 2015-04-27 19:46 - 00000000 _____ () C:\Users\StevenBong\AppData\Local\BITE27E.tmp
2015-04-27 19:44 - 2015-04-27 19:44 - 00000000 _____ () C:\Users\StevenBong\AppData\Local\{7C732955-7D57-4367-A0C8-155D8EA2938E}
2015-04-27 02:46 - 2015-04-27 21:29 - 00000000 ____D () C:\FRST
2015-04-26 00:24 - 2015-04-26 00:24 - 00027400 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2015-04-26 00:24 - 2015-04-26 00:24 - 00024328 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2015-04-26 00:24 - 2015-04-26 00:24 - 00023272 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.exe
2015-04-26 00:24 - 2015-04-26 00:24 - 00001109 _____ () C:\Users\Public\Desktop\Internet (Chromodo).lnk
2015-04-26 00:24 - 2015-04-26 00:24 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-26 00:24 - 2015-04-26 00:24 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-25 23:40 - 2015-04-26 00:19 - 214041880 _____ (COMODO) C:\Users\StevenBong\Desktop\cav_installer_5951_60.exe
2015-04-25 23:12 - 2015-04-27 21:20 - 00007116 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-25 22:39 - 2015-04-25 21:30 - 00364472 _____ () C:\WINDOWS\system32\aswBoot.exe
2015-04-25 21:39 - 2015-04-25 21:39 - 00001945 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-04-25 21:39 - 2015-04-25 21:39 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\AVAST Software
2015-04-25 21:39 - 2015-04-25 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-25 21:38 - 2015-04-25 21:38 - 00356280 _____ (Dropbox, Inc.) C:\Users\Public\Desktop\DropboxInstallerAvast.exe
2015-04-25 21:38 - 2015-04-25 21:38 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-25 21:38 - 2015-04-25 21:31 - 00442264 _____ () C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-25 21:38 - 2015-04-25 21:31 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-25 21:38 - 2015-04-25 21:31 - 00137288 _____ () C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-25 21:38 - 2015-04-25 21:30 - 00093528 _____ () C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-25 21:38 - 2015-04-25 21:30 - 00089944 _____ () C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-25 21:38 - 2015-04-25 21:30 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-25 21:38 - 2015-04-25 21:30 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-25 21:38 - 2015-04-25 21:26 - 01047320 _____ () C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-25 21:29 - 2015-04-25 21:29 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-25 20:44 - 2015-04-25 20:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-25 20:43 - 2015-04-25 20:44 - 05498080 _____ (Avast Software s.r.o.) C:\Users\StevenBong\Desktop\avast_free_antivirus_setup_online.exe
2015-04-25 17:57 - 2015-04-25 17:58 - 04578040 _____ (AVG Technologies) C:\Users\StevenBong\Desktop\avg_free_stb_all_2015_5315_ppc1.exe
2015-04-25 17:19 - 2015-04-25 17:41 - 116735282 _____ (Realtek Semiconductor Corp.) C:\Users\StevenBong\Desktop\0003-64bit_Win7_Win8_Win81_R276.exe
2015-04-25 15:33 - 2015-04-25 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-25 15:33 - 2015-04-25 15:33 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-04-25 15:33 - 2015-04-25 15:33 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-04-25 15:29 - 2015-04-25 15:32 - 18880096 _____ (Adlice Software ) C:\Users\StevenBong\Desktop\setup.exe
2015-04-25 12:17 - 2015-04-25 12:18 - 02099712 _____ (Farbar) C:\Users\StevenBong\Desktop\FRST64.exe
2015-04-25 09:55 - 2015-04-27 21:10 - 00026358 _____ () C:\WINDOWS\PFRO.log
2015-04-25 08:14 - 2015-04-25 08:14 - 00000000 ____D () C:\$WINDOWS.~BT
2015-04-25 03:28 - 2015-04-27 21:19 - 00001641 _____ () C:\WINDOWS\setupact.log
2015-04-25 03:28 - 2015-04-25 03:28 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-25 02:17 - 2015-04-25 02:17 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-04-25 02:17 - 2015-04-25 02:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-25 02:14 - 2015-04-27 21:28 - 00530310 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-25 02:12 - 2015-04-25 02:13 - 11028616 _____ (SurfRight B.V.) C:\Users\StevenBong\Desktop\HitmanPro_x64.exe
2015-04-25 02:09 - 2015-04-25 02:09 - 00038756 _____ () C:\Users\StevenBong\Documents\cc_20150425_020927.reg
2015-04-24 20:04 - 2015-04-24 20:04 - 00000000 __SHD () C:\found.000
2015-04-24 15:08 - 2015-04-24 15:08 - 00000000 ____D () C:\InstallShield
2015-04-24 14:53 - 2015-04-24 15:40 - 00000000 ____D () C:\WINDOWS\pss
2015-04-24 13:59 - 2015-04-25 15:34 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-24 13:59 - 2015-04-24 14:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-24 13:51 - 2015-04-27 21:14 - 00003496 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_StevenBong
2015-04-24 02:58 - 2015-04-25 02:07 - 05619466 _____ (Swearware) C:\Users\StevenBong\Desktop\ComboFix.exe
2015-04-24 02:39 - 2015-04-24 02:39 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\StevenBong\Desktop\flashplayer17pp_fa_install.exe
2015-04-24 02:21 - 2015-04-24 02:21 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Opera Software
2015-04-24 02:21 - 2015-04-24 02:21 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Opera Software
2015-04-24 02:20 - 2015-04-24 02:20 - 00003828 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1429813244
2015-04-24 02:20 - 2015-04-24 02:20 - 00001118 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-04-24 02:20 - 2015-04-24 02:20 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-24 02:15 - 2015-04-24 11:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-24 02:15 - 2015-04-24 11:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-24 02:14 - 2015-04-24 02:14 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-24 02:06 - 2015-04-24 02:06 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-04-24 02:06 - 2015-04-24 02:06 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-04-24 01:50 - 2015-04-27 21:14 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 01:50 - 2015-04-25 22:56 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 00:20 - 2015-04-24 15:37 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-04-23 21:18 - 2015-04-23 21:18 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\TuneUp Software
2015-04-23 21:03 - 2015-04-25 11:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-23 21:03 - 2015-04-23 21:03 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\MFAData
2015-04-23 21:01 - 2015-04-23 21:02 - 04818760 _____ (AVG Technologies) C:\Users\StevenBong\Desktop\avg_free_stb_all_5863p1_177.exe
2015-04-23 16:49 - 2015-04-24 01:19 - 00000000 ____D () C:\Program Files (x86)\CutterSystem
2015-04-23 16:49 - 2015-04-24 01:19 - 00000000 ____D () C:\Program Files (x86)\CutterSystem
2015-04-23 16:48 - 2015-04-23 23:44 - 00000000 ____D () C:\Program Files (x86)\Sidebar for Google Search
2015-04-23 16:48 - 2015-04-23 23:44 - 00000000 ____D () C:\Program Files (x86)\Sidebar for Google Search
2015-04-23 16:47 - 2015-04-23 23:31 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-23 16:47 - 2015-04-23 23:31 - 00000000 ____D () C:\Program Files (x86)\bestadblocker
2015-04-23 16:46 - 2015-04-23 16:46 - 00000000 ____D () C:\ProgramData\oldakhhpbgmgigogbkdiedbgpeeimdai
2015-04-23 16:45 - 2015-04-23 16:45 - 00384000 _____ () C:\Users\StevenBong\Downloads\Download Patch 1.03 + Hotfix Pillars of Eternity_ Hero Edition-GOG Torrent - KickassTorrents (2).exe
2015-04-23 16:45 - 2015-04-23 16:45 - 00000000 ____D () C:\ProgramData\{7d973887-c79e-ad2b-7d97-73887c79e21f}
2015-04-23 16:42 - 2015-04-23 16:48 - 00000000 ____D () C:\ProgramData\12437344283165372498
2015-04-23 16:42 - 2015-04-23 16:42 - 00000000 ____D () C:\ProgramData\iohcbgdljaochdlfbldmihmagjeaddan
2015-04-23 16:41 - 2015-04-23 22:02 - 00000000 ____D () C:\ProgramData\{1f812659-6046-68ca-1f81-126596049965}
2015-04-23 02:53 - 2015-04-26 17:33 - 00000000 _____ () C:\Recovery.txt
2015-04-20 20:59 - 2015-04-20 20:59 - 00000095 _____ () C:\Users\StevenBong\Summoner's Legion.url
2015-04-15 12:17 - 2015-03-24 05:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 12:17 - 2015-03-24 05:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 12:17 - 2015-03-24 05:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 12:17 - 2015-03-24 05:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 12:17 - 2015-03-24 05:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 12:17 - 2015-03-20 12:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 12:17 - 2015-03-20 12:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 12:17 - 2015-03-20 12:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 12:17 - 2015-03-20 11:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 12:17 - 2015-03-20 10:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 12:17 - 2015-03-20 10:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 12:17 - 2015-03-20 10:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 12:17 - 2015-03-14 16:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 12:17 - 2015-03-14 16:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 12:17 - 2015-03-13 12:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 12:17 - 2015-03-13 12:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 12:17 - 2015-03-13 12:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 12:17 - 2015-03-13 11:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 12:17 - 2015-03-13 11:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 12:17 - 2015-03-13 11:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 12:17 - 2015-03-13 11:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 12:17 - 2015-03-13 11:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 12:17 - 2015-03-13 11:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 12:17 - 2015-03-13 11:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 12:17 - 2015-03-13 11:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 12:17 - 2015-03-13 11:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 12:17 - 2015-03-13 11:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 12:17 - 2015-03-13 11:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 12:17 - 2015-03-13 10:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 12:17 - 2015-03-13 10:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 12:17 - 2015-03-13 10:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 12:17 - 2015-03-13 10:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 12:17 - 2015-03-13 10:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 12:17 - 2015-03-13 10:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 12:17 - 2015-03-13 10:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 12:17 - 2015-03-13 10:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 12:17 - 2015-03-13 10:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 12:17 - 2015-03-13 10:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 12:17 - 2015-03-13 10:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 12:17 - 2015-03-13 10:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 12:17 - 2015-02-21 07:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 12:16 - 2015-03-23 06:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 12:16 - 2015-03-23 06:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 12:16 - 2015-03-14 16:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 12:16 - 2015-03-14 09:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 12:16 - 2015-03-14 09:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 12:16 - 2015-03-14 09:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 12:16 - 2015-03-14 09:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 12:16 - 2015-03-14 09:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 12:16 - 2015-03-14 08:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 12:16 - 2015-03-14 08:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 12:16 - 2015-03-14 08:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 12:16 - 2015-03-14 08:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 12:16 - 2015-03-14 08:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 12:16 - 2015-03-14 08:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 12:16 - 2015-03-14 08:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 12:16 - 2015-03-14 08:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 12:16 - 2015-03-14 08:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 12:16 - 2015-03-14 08:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 12:16 - 2015-03-14 07:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 12:16 - 2015-03-14 07:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 12:16 - 2015-03-04 18:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 12:16 - 2015-03-04 11:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 12:16 - 2015-03-04 10:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 12:16 - 2015-02-24 16:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 01:09 - 2015-04-15 01:09 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-13 14:02 - 2015-04-13 14:02 - 00881368 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-04-13 14:02 - 2015-04-13 14:02 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-04-11 11:34 - 2015-04-11 11:35 - 00000000 ____D () C:\Users\StevenBong\Desktop\Heroes of Might and Magic V - Tribes Of The East
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Program Files (x86)\Windows FontCache
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Program Files (x86)\Windows FontCache
2015-04-06 14:16 - 2015-04-25 17:42 - 00000000 ____D () C:\Program Files (x86)\Neverwinter_en
2015-04-06 14:16 - 2015-04-25 17:42 - 00000000 ____D () C:\Program Files (x86)\Neverwinter_en
2015-04-04 14:05 - 2015-04-04 14:07 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 14:05 - 2015-04-04 14:05 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 17:01 - 2015-04-03 17:24 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Arc
2015-04-03 16:57 - 2015-04-25 17:37 - 00000000 ____D () C:\Program Files (x86)\Arc
2015-04-03 16:57 - 2015-04-25 17:37 - 00000000 ____D () C:\Program Files (x86)\Arc
2015-04-03 16:57 - 2015-04-06 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-04-03 16:35 - 2015-04-03 16:35 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Blizzard Entertainment
2015-04-03 16:34 - 2015-04-03 16:35 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Battle.net
2015-04-03 16:34 - 2015-04-03 16:34 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Battle.net
2015-04-03 16:34 - 2015-04-03 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-03 16:34 - 2015-04-03 16:34 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-04-03 16:34 - 2015-04-03 16:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-03 16:34 - 2015-04-03 16:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-03 16:09 - 2015-04-03 16:09 - 00000000 ____D () C:\ProgramData\Battle.net
2015-03-31 02:34 - 2015-03-31 02:34 - 00644968 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2015-03-31 02:33 - 2015-03-31 02:34 - 00000000 ____D () C:\Program Files (x86)\IDT
2015-03-31 02:33 - 2015-03-31 02:34 - 00000000 ____D () C:\Program Files (x86)\IDT
2015-03-31 02:31 - 2015-03-31 02:31 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2015-03-31 02:31 - 2015-03-31 02:31 - 00697856 _____ (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2015-03-31 02:31 - 2015-03-31 02:31 - 00551936 _____ (IDT, Inc.) C:\WINDOWS\system32\Drivers\stwrt64.sys
2015-03-31 02:31 - 2015-03-31 02:31 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2015-03-31 02:31 - 2015-03-31 02:31 - 00256000 _____ (IDT, Inc.) C:\WINDOWS\system32\st646492.dll
2015-03-31 02:30 - 2015-03-31 02:30 - 09101016 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2015-03-31 02:30 - 2015-03-31 02:30 - 02628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2015-03-31 02:30 - 2015-03-31 02:30 - 00471768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2015-03-31 02:30 - 2015-03-31 02:30 - 00418008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2015-03-31 02:30 - 2015-03-31 02:30 - 00156888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtsCM64.exe
2015-03-31 02:30 - 2015-03-31 02:30 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-03-31 02:30 - 2015-03-31 02:30 - 00000000 ____D () C:\Program Files (x86)\Synaptics
2015-03-31 02:30 - 2015-03-31 02:30 - 00000000 ____D () C:\Program Files (x86)\Synaptics
2015-03-31 02:29 - 2015-03-31 02:29 - 02514120 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\netr28x.sys
2015-03-31 02:29 - 2015-03-31 02:29 - 00332080 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInstx.dll
2015-03-31 02:29 - 2015-03-31 02:29 - 00031472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-03-31 02:29 - 2015-03-31 02:29 - 00013973 _____ () C:\WINDOWS\system32\RaCoInst.dat
2015-03-31 02:28 - 2015-03-31 02:28 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-03-31 02:28 - 2015-03-31 02:28 - 01205448 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rtbth.sys
2015-03-31 02:28 - 2015-03-31 02:28 - 00129312 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-03-31 02:28 - 2015-03-31 02:28 - 00040958 _____ () C:\WINDOWS\system32\Drivers\rt3298.bin
2015-03-31 02:28 - 2015-03-31 02:28 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-03-31 02:27 - 2015-03-31 02:27 - 00455440 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2015-03-31 02:25 - 2015-03-31 02:25 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2015-03-31 02:25 - 2015-03-31 02:25 - 00788696 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2015-03-31 02:25 - 2015-03-31 02:25 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2015-03-31 01:56 - 2015-04-20 19:02 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-31 01:54 - 2015-04-27 21:16 - 00002882 _____ () C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (StevenBong)
2015-03-31 01:54 - 2015-03-31 01:54 - 00026528 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2015-03-31 01:54 - 2015-03-31 01:54 - 00003240 _____ () C:\WINDOWS\System32\Tasks\Driver Booster Scan
2015-03-31 01:54 - 2015-03-31 01:54 - 00003184 _____ () C:\WINDOWS\System32\Tasks\Driver Booster Update
2015-03-31 01:54 - 2015-03-31 01:54 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\IObit
2015-03-31 01:54 - 2015-03-31 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-03-31 01:54 - 2015-03-31 01:54 - 00000000 ____D () C:\ProgramData\IObit
2015-03-31 01:54 - 2015-03-31 01:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-31 01:54 - 2015-03-31 01:54 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-30 21:12 - 2015-03-30 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pillars of Eternity [GOG.com]
2015-03-30 20:41 - 2015-03-30 20:41 - 00000000 ____D () C:\GOG Games
2015-03-29 22:38 - 2015-03-30 04:49 - 00001079 _____ () C:\Users\Public\Desktop\Internet Explorer 11.lnk
2015-03-29 22:38 - 2015-03-30 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer 11
2015-03-29 22:38 - 2015-03-30 04:49 - 00000000 ____D () C:\Program Files (x86)\Internet Explorer 11
2015-03-29 22:38 - 2015-03-30 04:49 - 00000000 ____D () C:\Program Files (x86)\Internet Explorer 11
2015-03-28 13:43 - 2015-03-28 13:43 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\SKIDROW
2015-03-28 13:38 - 2015-03-28 13:38 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Sins of a Solar Empire - Rebellion
2015-03-28 13:38 - 2015-03-28 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-03-28 13:32 - 2015-03-28 13:32 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-03-28 13:32 - 2015-03-28 13:32 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-27 21:17 - 2015-02-14 14:43 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-04-27 21:16 - 2013-10-26 21:42 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-04-27 21:16 - 2013-03-05 07:30 - 00000983 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-04-27 21:13 - 2013-10-26 21:42 - 00000272 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-04-27 21:13 - 2013-10-26 21:42 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-04-27 21:12 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 19:43 - 2015-01-09 19:24 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\ClassicShell
2015-04-26 00:24 - 2015-01-17 10:09 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Comodo
2015-04-26 00:24 - 2015-01-17 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-25 23:40 - 2015-03-14 02:54 - 00001314 _____ () C:\Users\StevenBong\Desktop\My DAP Downloads.lnk
2015-04-25 23:39 - 2013-10-26 21:48 - 00000000 ____D () C:\ProgramData\Temp
2015-04-25 23:11 - 2014-11-11 09:46 - 00000000 ____D () C:\Users\StevenBong
2015-04-25 23:06 - 2015-01-10 00:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-25 22:07 - 2014-04-17 11:29 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\Dropbox
2015-04-25 21:03 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-25 20:51 - 2013-11-20 22:49 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1223779872-2193386940-3889843809-1002
2015-04-25 17:49 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-25 16:08 - 2015-01-17 04:54 - 00000000 _RSHD () C:\360SANDBOX
2015-04-25 16:07 - 2015-02-08 12:02 - 00000000 ____D () C:\Program Files (x86)\Assets Manager
2015-04-25 16:07 - 2015-02-08 12:02 - 00000000 ____D () C:\Program Files (x86)\Assets Manager
2015-04-25 16:07 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2015-04-25 15:53 - 2015-01-17 06:44 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 12:23 - 2015-01-17 00:47 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\GarenaPlus
2015-04-25 12:23 - 2015-01-17 00:45 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-04-25 10:41 - 2012-07-26 16:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-25 02:05 - 2015-01-14 12:51 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\DAEMON Tools Lite
2015-04-24 17:37 - 2015-03-10 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 17:37 - 2015-03-10 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-24 15:09 - 2015-02-01 10:43 - 00000000 ____D () C:\Users\StevenBong\Desktop\Games
2015-04-24 15:08 - 2014-03-04 13:32 - 00000000 ____D () C:\Program Files (x86)\Spectra Precision
2015-04-24 15:08 - 2014-03-04 13:32 - 00000000 ____D () C:\Program Files (x86)\Spectra Precision
2015-04-24 15:06 - 2014-04-22 09:54 - 00000000 ____D () C:\Users\StevenBong\AppData\Roaming\360se6
2015-04-24 02:41 - 2014-07-24 22:33 - 00000000 ____D () C:\Users\StevenBong\AppData\Local\Adobe
2015-04-24 02:06 - 2014-08-15 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-24 01:50 - 2013-11-21 20:21 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-24 01:50 - 2013-11-21 20:21 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-23 23:31 - 2015-02-03 21:20 - 00000000 ____D () C:\Program Files (x86)\AspInfo
2015-04-23 23:31 - 2015-02-03 21:20 - 00000000 ____D () C:\Program Files (x86)\AspInfo
2015-04-21 16:54 - 2015-01-17 00:46 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-04-21 16:54 - 2015-01-17 00:46 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2015-04-20 15:57 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-19 18:13 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-19 01:56 - 2015-01-21 23:11 - 00045270 _____ () C:\Users\StevenBong\AppData\Roaming\room_v3.dat
2015-04-16 18:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-16 14:00 - 2012-07-26 15:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 03:53 - 2014-12-12 09:36 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-16 03:53 - 2014-09-24 17:58 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 13:41 - 2013-12-16 10:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 13:20 - 2013-11-24 15:11 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 13:19 - 2013-11-22 15:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 12:15 - 2014-11-12 10:40 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-15 01:09 - 2015-01-10 00:08 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 07:24 - 2015-03-12 10:18 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 07:24 - 2015-03-12 10:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 13:47 - 2015-01-14 10:41 - 00000000 ____D () C:\New folder
2015-04-10 01:56 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-09 14:17 - 2015-01-17 05:53 - 00000916 _____ () C:\Users\StevenBong\Desktop\Hdfo.txt
2015-04-06 14:39 - 2015-03-13 03:39 - 00000000 ___HD () C:\ArcTemp
2015-04-03 16:57 - 2013-05-29 05:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-03 16:57 - 2013-05-29 05:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-03 10:48 - 2015-01-17 10:11 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-04-02 22:32 - 2014-09-16 14:49 - 00000200 _____ () C:\WINDOWS\system32\Drivers\LOCK.SSP
2015-04-02 16:52 - 2015-03-13 11:32 - 00000000 ____D () C:\Program Files (x86)\Chromium Logging
2015-04-02 16:52 - 2015-03-13 11:32 - 00000000 ____D () C:\Program Files (x86)\Chromium Logging
2015-03-31 02:48 - 2015-01-09 21:22 - 00553632 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-31 02:31 - 2013-10-26 21:36 - 08153088 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2015-03-31 02:31 - 2013-10-26 21:36 - 08078848 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2015-03-31 02:31 - 2013-10-26 21:36 - 06101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-03-31 02:31 - 2013-10-26 21:36 - 02230784 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2015-03-31 02:31 - 2013-10-26 21:36 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-03-31 02:31 - 2013-10-26 21:36 - 01703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-03-31 02:31 - 2013-10-26 21:36 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2015-03-31 02:31 - 2013-10-26 21:36 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2015-03-31 02:31 - 2013-10-26 21:36 - 00224768 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2015-03-31 02:31 - 2013-10-26 21:36 - 00042508 _____ () C:\WINDOWS\system32\DREAMWORKS.XML
2015-03-31 02:30 - 2013-03-20 05:21 - 03648400 _____ (Validity Sensors, Inc.) C:\WINDOWS\system32\vcsAPIFORWBF.dll
2015-03-31 02:29 - 2014-11-11 09:39 - 00002834 _____ () C:\WINDOWS\system32\RaCoInst.log
2015-03-28 13:43 - 2015-01-15 19:41 - 00000000 ____D () C:\Users\StevenBong\Documents\My Games
 
==================== Files in the root of some directories =======
 
2013-12-12 00:35 - 2015-01-02 14:35 - 0000954 _____ () C:\Users\StevenBong\AppData\Roaming\coreavc.ini
2015-01-21 23:11 - 2015-04-19 01:56 - 0045270 _____ () C:\Users\StevenBong\AppData\Roaming\room_v3.dat
2015-04-27 19:46 - 2015-04-27 19:46 - 0000000 _____ () C:\Users\StevenBong\AppData\Local\BITE27E.tmp
2014-03-25 15:48 - 2014-12-31 09:50 - 0017408 _____ () C:\Users\StevenBong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-27 19:25 - 2014-02-27 19:25 - 0000001 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.1.02.agreement
2014-02-27 19:32 - 2014-04-30 12:27 - 0000056 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.opendialog.dir
2014-02-27 19:32 - 2014-04-30 12:27 - 0000001 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.opendialog.filterindex
2014-09-29 12:01 - 2014-09-29 12:01 - 0000085 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.savedialog.dir
2014-09-29 12:01 - 2014-09-29 12:01 - 0000001 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.savedialog.filterindex
2014-02-27 19:32 - 2014-02-27 19:32 - 0000068 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.sourcedisk.filepath
2014-02-27 19:25 - 2014-09-29 11:59 - 0000001 _____ () C:\Users\StevenBong\AppData\Local\RawCopy.sourcedisk.index
2014-03-24 21:25 - 2014-03-24 21:25 - 0007609 _____ () C:\Users\StevenBong\AppData\Local\Resmon.ResmonCfg
2015-04-27 19:44 - 2015-04-27 19:44 - 0000000 _____ () C:\Users\StevenBong\AppData\Local\{7C732955-7D57-4367-A0C8-155D8EA2938E}
 
Some content of TEMP:
====================
C:\Users\StevenBong\AppData\Local\Temp\cabex.dll
C:\Users\StevenBong\AppData\Local\Temp\dllnt_dump.dll
C:\Users\StevenBong\AppData\Local\Temp\RunWizards.exe
C:\Users\StevenBong\AppData\Local\Temp\SetupUtils6.dll
C:\Users\StevenBong\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-25 20:52
 
==================== End Of Log ============================


#14 ZiJie

Posted 27 April 2015 - 09:56 AM

For the 2nd log, I had to split it because it was too long, so don't mind the extra posts. D:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by StevenBong at 2015-04-27 21:32:17
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1223779872-2193386940-3889843809-500 - Administrator - Disabled)
Guest (S-1-5-21-1223779872-2193386940-3889843809-501 - Limited - Disabled)
StevenBong (S-1-5-21-1223779872-2193386940-3889843809-1002 - Administrator - Enabled) => C:\Users\StevenBong
UpdatusUser (S-1-5-21-1223779872-2193386940-3889843809-1001 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1.3M WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10256 - Realtek Semiconductor Corp.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional) (Version: 7.0.0 - Adobe Systems)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 for Desktop (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 License Manager (HKLM-x32\...\ArcGIS 10.2 License Manager) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 License Manager (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcPad 10.2 (HKLM-x32\...\{BF8AC2CA-185D-48CB-8684-C9C3E603402E}) (Version: 10.2.00010023 - Environmental Systems Research Institute, Inc.)
ashcom (HKLM-x32\...\{081A2897-48A4-4178-9D88-6D584D2E6FD7}) (Version: 3.0.47 - Ashtech)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConfRadio (HKLM-x32\...\{60E3B586-09F5-4B47-86C7-4BC0638DF5D2}) (Version: 2.4.0 - Ashtech)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Elsword version v5.0225.6.3 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v5.0225.6.3 - KOGGAMES)
eMotion 2 (HKLM-x32\...\{4A16EDF3-CA98-4909-89D6-3AC4AC4CA425}) (Version: 2.4.3.2148 - senseFly)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Garena - CoreMasters (HKLM-x32\...\CMTW) (Version: 2015022602 - Garena Taiwan co., Ltd.)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena+ (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GeekBuddy (HKLM\...\{8EE6F031-FD37-45A2-95CE-696777FC4EC6}) (Version: 4.13.120 - Comodo Security Solutions Inc)
Geoid EGM96 (HKLM-x32\...\{9B7E3A6E-FCC1-4CA3-A015-2DBAA1CC38E2}) (Version: 1.02 - Ashtech)
Geoid WGeoid04 (HKLM-x32\...\{58509379-2992-430E-9631-F23C60B3F62C}) (Version: 1.02 - Ashtech)
Geoids (HKLM-x32\...\{7769EEDB-A2F6-43C4-AFE4-16577B03E11E}) (Version: 1.1.0 - Ashtech)
GlobalMapper 15 (64-bit) (HKLM\...\{BD01C78A-B54E-4A78-972C-9C5F867C5096}) (Version: 15.00.0010 - Blue Marble Geographics)
GNSS Solutions (HKLM-x32\...\{73FB3805-DDFF-11D6-902C-00104BB33C9D}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
GPS Configurator (HKLM-x32\...\{98C804B5-1F22-487D-A15C-4DBA5FA9A901}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6454.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version:  - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
liteCam HD (HKLM-x32\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.00.0007 - RSUPPORT)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{A047101C-A3AE-4FAD-802F-01C965079F66}) (Version: 11.1.3010.3 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Graphics Driver 311.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.41 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Postflight Terra 3D 3 (HKLM\...\{29B011CA-2DC3-4D14-863A-664384084380}) (Version: 3.2.88 - Pix4D)
Postflight Terra 3D-EB (HKLM\...\{29F8BF62-2875-4A58-B099-4F66364219AB}) (Version: 2.2.20 - Pix4D)
Postflight Terra LT (HKLM\...\{DB9FA4BB-E145-4393-953B-C50B7DF13D29}) (Version: 2.2.20 - Pix4D)
Ralink Bluetooth Stack64 (HKLM\...\{25C4294E-DDA8-EE68-0E16-FA6BD9C8684B}) (Version: 11.0.737.2 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.14 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21220 - Realtek Semiconductor Corp.)
RINEX Converter (HKLM-x32\...\{3CB01AE1-3F0D-4AA4-BFE6-66F7E7267FB8}) (Version: 4.5.6 - Spectra Precision)
RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SaLePlus (HKLM-x32\...\{B696F285-F54E-2524-58B1-E06A70ABE6BE}) (Version:  - ) <==== ATTENTION
SectionExtender (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{392f5ca0}) (Version:  - SectionExtender) <==== ATTENTION
Sentinel HASP Vendor Library (HKLM-x32\...\{C36D1DB0-7343-44C3-BC57-3B9C06325399}) (Version: 2.33.1.36535 - Trimble Navigation Ltd.)
Sentinel System Driver Installer 7.5.0 (HKLM-x32\...\{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}) (Version: 7.5.0 - SafeNet, Inc.)
Sidebar for Google Search (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Sins of a Solar Empire - Rebellion (HKLM-x32\...\Sins of a Solar Empire - Rebellion_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Spectra Precision Survey Office (HKLM\...\{0DD3C22F-8B57-4A10-BA9F-C40E42F137C4}) (Version: 3.21 - Spectra Precision)
Spectra Precision Survey Office Tutorials (HKLM-x32\...\{6B9D2119-0BDD-4EA7-BBE7-7045F9D7265B}) (Version: 3.10 - Spectra Precision)
Spectra Precision USB serial emulation (HKLM-x32\...\{C1E294B4-F84E-4B96-A0A1-F3D3F58F44AF}) (Version: 1.00.0000.1 - Spectra Precision)
SpeedBit Video Accelerator (HKLM-x32\...\SpeedBit Video Accelerator) (Version: 3380(build_3064) - SpeedBit Ltd.)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Full text search (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tekla Model Sharing Foundation, IFC import plugin 2.08 (HKLM-x32\...\{0B8508DE-23CC-4E3C-99C1-59835D5C393A}) (Version: 2.8.0 - Tekla Corporation)
Trimble Coordinate System Manager (64-bit) (HKLM\...\{C100E191-38DB-40AA-B3E7-1416CF9B353B}) (Version: 3.0.2.0 - Trimble Navigation Ltd.)
Trimble Feature Definition Manager (HKLM-x32\...\{AD170075-94A4-4551-8EAA-1E699AD6B9B8}) (Version: 2.17 - Trimble Navigation Ltd.)
Trimble Office Synchronizer (HKLM-x32\...\{24B3BD01-B091-4338-89E3-AAF0C2B30641}) (Version: 1.69 - Trimble Navigation Ltd.)
Trimble Remote Device Manager Update (HKLM-x32\...\{754D38CC-48F0-4E6A-B9E4-1BFB0B8E6AAE}) (Version: 14.10.13 - Trimble Navigation Ltd.)
Trimble Terramodel 10.42 Geocomp Update (HKLM-x32\...\{B400F361-45E6-4054-9FD2-F765E7B512B2}) (Version:  - )
Trimble Terramodel 10.43 (HKLM-x32\...\{A1E572BD-5E4C-41BA-BA73-8994885ED606}) (Version: 10.43 - )
Trimble Terramodel Visualizer 2.05 (HKLM-x32\...\{340930A0-62CA-4B9F-BC85-025FA0127F89}) (Version: 2.05 - )
Unity Web Player (HKU\S-1-5-21-1223779872-2193386940-3889843809-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
USBTrace V2.8.0 (HKLM\...\USBTrace_is1) (Version:  - SysNucleus)
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warframe (HKLM-x32\...\{CBFC50BE-963E-464B-A20E-8031064B647F}) (Version: 1.0.0 - Digital Extremes)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/13/2014 16.33.17.499) (HKLM\...\0B630B0935448A1F135653AD1688F7A7E54704C4) (Version: 03/13/2014 16.33.17.499 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/13/2014 16.33.3.381) (HKLM\...\6952BAC59901414DEDBEAD4403DF559CAE7E5CA7) (Version: 03/13/2014 16.33.3.381 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (12/18/2012 16.15.33.784) (HKLM\...\059922E00A8F2C0FF01380D1874ACF9EA0DB6AF7) (Version: 12/18/2012 16.15.33.784 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/13/2014 16.33.10.907) (HKLM\...\C4C099AAC98096DA48F89D03F9A04546203EB44B) (Version: 03/13/2014 16.33.10.907 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/13/2014 16.33.15.219) (HKLM\...\5EFEC1EF946B163733E922D1FB2A4CF0A3FFC393) (Version: 03/13/2014 16.33.15.219 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (12/18/2012 16.15.50.764) (HKLM\...\121CB60204C3F48E40D493B08A02CC344249A628) (Version: 12/18/2012 16.15.50.764 - FTDI)
Windows Driver Package - senseFly (WinUSB) Universal Serial Bus devices  (08/19/2014 13.40.3.94) (HKLM\...\E1A2E22FC0E9F05592359139924CA4267F42AB43) (Version: 08/19/2014 13.40.3.94 - senseFly)
Windows Driver Package - senseFly (WinUSB) Universal Serial Bus devices  (12/18/2012 15.11.34.958) (HKLM\...\377C5762CA00935694CD6E81A7F043FA2D247887) (Version: 12/18/2012 15.11.34.958 - senseFly)
Windows Driver Package - senseFly (WinUSB) Universal Serial Bus devices  (12/18/2012 15.11.43.348) (HKLM\...\F9935D81BE2496D1DCD5152806389D191A0D566D) (Version: 12/18/2012 15.11.43.348 - senseFly)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)
Wise Program Uninstaller 1.65 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.65 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1223779872-2193386940-3889843809-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\StevenBong\AppData\Local\Citrix\GoToMeeting\1298\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
25-04-2015 20:47:35 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0050E2DA-E18D-47FA-9E6D-DF72306E4083} - System32\Tasks\G2MUpdateTask-S-1-5-21-1223779872-2193386940-3889843809-1002 => C:\Users\StevenBong\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {069F7EBC-729C-4851-A013-776699D38B55} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {0DF8F31E-933C-4693-A0C3-A6447CDFCE64} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: {10C9E1F0-52F9-48CF-9BD0-564C8891D1A0} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-02-13] (IObit)
Task: {1D99793B-AEF7-4849-BA38-27A8393667ED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {1F434018-E362-4621-8C03-E4D7A8A21009} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {265DF328-8A88-4DDA-AE07-50CE5511929E} - System32\Tasks\{E1075E62-4195-456B-B509-D37DFCB96C3A} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Office\Office14\PPTVIEW.EXE" -d C:\Users\StevenBong\Desktop
Task: {359F5B0C-55A8-4DC2-BB94-760627467C46} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-02-05] (IObit)
Task: {488150D4-4B04-4928-8090-60584710EF10} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {5209D06E-AD59-4C74-8CCE-AEC528AA64F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.)
Task: {55ED9F9D-DCB5-4A1D-ADB9-62F74AFB5BB6} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {574B083F-B648-4C5F-9B44-01ABB1115679} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {6215AECD-A39E-4F23-ABFC-8D87B4DA3ADF} - System32\Tasks\gg_uac_daemon_StevenBong => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {62A2D3C4-4EDC-4536-B4D4-C8F24C44E4AC} - System32\Tasks\PPTAssistantNotifyTask_StevenBong => C:\Users\StevenBong\AppData\Local\PPTAssist\notify.exe
Task: {62FF4096-474F-4EF6-8A7D-7D9603C49010} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {737A4E50-8C54-4B3C-9047-B9E70B35FF15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-06] (Hewlett-Packard Company)
Task: {7F8D6892-4951-4E95-AFAF-562F2F9E5696} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-18] (CyberLink)
Task: {A6436A16-10FE-4813-8EE7-8FF016D8E2D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BD1DDA3A-B993-40AF-8A69-9F615D45879F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CB8897C5-EAD7-438A-BC61-0B311BA0ED78} - System32\Tasks\Opera scheduled Autoupdate 1429813244 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {D2BE157D-C462-48A9-B798-ABE34E243D88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-21] (Google Inc.)
Task: {D5CA7E6A-12B6-491F-8454-3B1D43BAB903} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DAEB75B2-A0B4-44BD-A343-5A03B1E97DA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-28] (Hewlett-Packard Company)
Task: {E30F05DD-8623-46F1-83B0-AAE253BAA86D} - System32\Tasks\PPTAssistantUpdateTask_StevenBong => C:\Users\StevenBong\AppData\Local\PPTAssist\assistupdate.exe
Task: {FA6102BE-2058-43D1-A85E-802C21CDF01E} - System32\Tasks\Driver Booster SkipUAC (StevenBong) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-03-20] (IObit)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-27 09:03 - 2013-10-27 09:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2011-04-25 11:24 - 2011-04-25 11:24 - 00034304 _____ () C:\WINDOWS\System32\ssj1mlm.dll
2015-01-14 11:06 - 2015-01-20 20:20 - 00055896 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2013-02-14 01:35 - 2013-02-14 01:35 - 00180200 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-02-14 01:35 - 2013-02-14 01:35 - 00060392 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-03-20 05:21 - 2013-03-20 05:21 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-01-11 04:35 - 2013-01-11 04:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-01-14 11:06 - 2015-04-20 19:07 - 00865728 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-01-11 04:30 - 2013-01-11 04:30 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-02-28 08:55 - 2013-02-28 08:55 - 00381027 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-06 01:53 - 2011-07-06 01:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-11 04:35 - 2013-01-11 04:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-10-26 21:30 - 2013-02-16 08:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll


#15 ZiJie

Posted 27 April 2015 - 10:03 AM

==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iisreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iisrstap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iisRtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID




