
I have installed malware!


  • This topic is locked
16 replies to this topic

#1 Mattias84

Posted 28 March 2017 - 05:45 PM

I installed malicious software on my computer unknowingly, and my computer had many malware processes running after that. It installed many ad programs and changed my browser homepage to some virus site; it also created scheduled tasks in Windows Task Scheduler. I have now used Rkill, Malwarebytes, HitmanPro & AdwCleaner to clean away many problems, but I'm not sure if I am clear of all infections. I tried running the FRST program, but when I click on Scan the program just closes. My antivirus program was disabled when doing this. How can I get it to work properly? I have tried to do it in Safe Mode too, but the same thing happens.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Marcus (administrator) on MARCUS-DATOR (29-03-2017 00:43:12)
Running from C:\FRST
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

Edit: Running from recovery mode does give a log though. Replaced the attachment with that one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-U5H2KR9 (29-03-2017 02:30:40)
Running from C:\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-30] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-03-24] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-30] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-31] (BlueStack Systems, Inc.)
S2 cmdagent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-01] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-01] (COMODO)
S4 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-08-31] ()
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579424 2014-04-28] (Echobit LLC)
S2 MBAMService; C:\Program\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-03-24] (Malwarebytes)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-03-24] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-04-28] (Echobit, LLC)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-29] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-29] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-29] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-29] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-29] (Malwarebytes)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 TBPanel; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-28 23:10 - 2017-03-28 23:15 - 00243450 _____ C:\Windows\ntbtlog.txt
2017-03-28 22:55 - 2017-03-28 23:01 - 00004060 _____ C:\Users\Marcus\Desktop\Rkill.txt
2017-03-28 22:52 - 2017-03-28 22:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Marcus\Downloads\rkill_2.8.4.0.exe
2017-03-28 22:30 - 2017-03-28 23:06 - 00000000 ____D C:\AdwCleaner
2017-03-28 22:30 - 2017-03-28 22:30 - 04089296 _____ C:\Users\Marcus\Downloads\adwcleaner_6.045.exe
2017-03-28 21:37 - 2017-03-29 02:30 - 00000000 ____D C:\FRST
2017-03-26 05:07 - 2017-03-26 05:08 - 00021766 _____ C:\Users\Marcus\Documents\cc_20170326_060749.reg
2017-03-25 20:27 - 2017-03-25 20:27 - 00000000 _____ C:\Users\Marcus\Desktop\Nytt textdokument.txt
2017-03-25 19:00 - 2017-03-25 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-25 18:59 - 2017-03-25 18:59 - 00000000 ____D C:\Program Files\MalwarebytesAntiRootkit
2017-03-25 18:52 - 2017-03-25 18:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marcus\Downloads\mbar-1.09.3.1001.exe
2017-03-25 02:35 - 2017-03-25 02:35 - 00003066 _____ C:\Windows\System32\.crusader
2017-03-25 01:34 - 2017-03-25 02:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-25 01:34 - 2017-03-25 01:34 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-25 01:32 - 2017-03-25 01:32 - 11581544 _____ (SurfRight B.V.) C:\Users\Marcus\Downloads\HitmanPro_x64.exe
2017-03-24 23:11 - 2017-03-29 01:19 - 00000085 _____ C:\Windows\wininit.ini
2017-03-24 23:04 - 2017-03-24 23:04 - 00766590 _____ C:\Users\Marcus\Documents\cc_20170324_230430.reg
2017-03-24 21:46 - 2017-03-29 01:26 - 00251840 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-24 21:46 - 2017-03-29 01:26 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-03-24 21:46 - 2017-03-29 01:26 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-03-24 21:46 - 2017-03-29 01:26 - 00082208 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-03-24 21:46 - 2017-03-29 01:26 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-24 21:46 - 2017-03-25 19:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-24 21:46 - 2017-03-24 21:46 - 00077408 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-03-24 21:46 - 2017-03-24 21:46 - 00001775 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-24 21:46 - 2017-03-24 21:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 21:38 - 2017-03-24 21:41 - 57131432 _____ (Malwarebytes ) C:\Users\Marcus\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 18:59 - 2017-03-24 19:22 - 00000000 ____D C:\Windows\System32\SSL
2017-03-15 22:49 - 2017-03-15 22:49 - 25746944 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 15259648 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 06045696 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 02895360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 02131456 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-03-15 22:49 - 2017-03-15 22:49 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 22:49 - 2017-03-15 22:49 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2017-03-15 22:49 - 2017-03-15 22:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00806912 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00725504 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-03-15 22:49 - 2017-03-15 22:49 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00394448 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-03-15 22:49 - 2017-03-15 22:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 22:49 - 2017-03-15 22:49 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2017-03-15 22:49 - 2017-03-15 22:49 - 00107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 22:49 - 2017-03-15 22:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2017-03-15 22:49 - 2017-03-04 09:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-03-15 22:49 - 2017-03-02 19:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 22:48 - 2017-03-15 22:48 - 05548264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 03220480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01732864 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01574912 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00976896 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00803328 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00730624 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00706792 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2017-03-15 22:48 - 2017-03-15 22:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00631176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-03-15 22:48 - 2017-03-15 22:48 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00625664 _____ (Microsoft Corporation) C:\Windows\System32\mscms.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00462848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00250880 _____ (Microsoft Corporation) C:\Windows\System32\icm32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00154856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00095464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-03-15 22:48 - 2017-03-15 22:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\WcsPlugInService.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 22:48 - 2017-03-15 22:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 22:48 - 2017-03-15 22:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2017-03-15 22:48 - 2017-03-04 09:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-03-15 22:48 - 2017-03-02 19:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 22:47 - 2017-03-15 22:47 - 01609216 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 01285632 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00646656 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00556544 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00233984 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-03-15 22:47 - 2017-03-15 22:47 - 00084712 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 01:29 - 2011-06-13 19:23 - 01474832 _____ C:\Windows\System32\Drivers\sfi.dat
2017-03-29 01:29 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-29 01:29 - 2009-07-14 05:45 - 00028944 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 01:25 - 2013-10-20 21:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-29 01:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 01:19 - 2016-11-18 16:36 - 00000000 ____D C:\Users\Marcus\AppData\LocalLow\Mozilla
2017-03-29 01:18 - 2013-10-20 21:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-29 00:02 - 2009-07-14 06:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-28 23:53 - 2013-04-04 12:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-28 23:19 - 2015-11-04 05:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-28 23:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-28 22:42 - 2014-12-12 22:46 - 00030046 _____ C:\Windows\System32\Drivers\fvstore.dat
2017-03-28 20:47 - 2011-07-05 19:31 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\vlc
2017-03-28 10:37 - 2010-11-21 12:38 - 00799910 _____ C:\Windows\System32\perfh01D.dat
2017-03-28 10:37 - 2010-11-21 12:38 - 00189986 _____ C:\Windows\System32\perfc01D.dat
2017-03-28 10:37 - 2009-07-14 06:13 - 01782098 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-27 13:28 - 2015-09-04 12:22 - 00003300 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-27 10:36 - 2013-08-22 20:56 - 00000000 ____D C:\Temp
2017-03-27 09:36 - 2010-11-21 04:27 - 00485032 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2017-03-24 23:01 - 2012-07-07 17:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-24 22:13 - 2015-09-04 12:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-24 21:26 - 2014-09-24 00:27 - 00000000 ____D C:\Users\Marcus\Desktop\Gammal Firefox-data
2017-03-24 19:12 - 2012-06-04 22:39 - 00000000 ____D C:\Spel
2017-03-20 03:56 - 2012-07-02 01:55 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Audacity
2017-03-20 03:50 - 2013-03-30 04:21 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
2017-03-20 02:48 - 2015-12-19 04:31 - 00000000 ____D C:\Users\Marcus\Desktop\Ljud
2017-03-19 21:20 - 2015-01-21 02:12 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2017-03-19 21:20 - 2012-05-16 16:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-19 21:20 - 2012-05-16 16:31 - 00004350 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-19 21:20 - 2011-11-23 20:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-19 21:20 - 2011-11-23 20:05 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-19 21:20 - 2011-02-18 12:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-16 11:40 - 2012-05-18 23:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-16 11:40 - 2012-05-18 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-16 11:40 - 2009-07-14 05:45 - 00284856 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-16 03:12 - 2014-12-12 17:35 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-16 03:12 - 2014-05-07 02:01 - 00000000 ___SD C:\Windows\System32\CompatTel
2017-03-16 03:12 - 2013-08-15 02:02 - 00000000 ____D C:\Windows\System32\MRT
2017-03-16 03:12 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 03:07 - 2011-03-21 16:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-04 02:11 - 2011-03-15 16:41 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Skype

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-12 14:06] - [2016-10-12 14:06] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-12 14:06] - [2016-10-12 14:06] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-14 17:51] - [2016-12-14 17:51] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542

C:\Windows\SysWOW64\User32.dll
[2016-12-14 17:51] - [2016-12-14 17:51] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-03-07 23:33
Restore point date: 2017-03-16 03:01
Restore point date: 2017-03-25 02:30
Restore point date: 2017-03-25 02:35
Restore point date: 2017-03-27 09:35
Restore point date: 2017-03-28 20:41

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4062.05 MB
Available physical RAM: 3431.54 MB
Total Virtual: 4060.25 MB
Available Virtual: 3419.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:125.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1A3016C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

LastRegBack: 2017-03-24 17:09

==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   41.59KB   3 downloads

Edited by Mattias84, 28 March 2017 - 07:36 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,126 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:38 AM

Posted 30 March 2017 - 02:51 PM

Greetings Mattias84 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please rerun RKill and immediately thereafter, without rebooting, try to run FRST with a fresh download of the program.

Edited by Oh My!, 30 March 2017 - 03:04 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Mattias84

Mattias84
  • Topic Starter


Posted 30 March 2017 - 03:01 PM

Hello Gary!

 

I am thankful for your assistance. I will await your instructions.



#4 Oh My!


Posted 30 March 2017 - 03:08 PM

You are welcome. I modified the original post so you may have missed this:
 

Please rerun RKill and immediately thereafter, without rebooting, try to run FRST with a fresh download of the program.

Gary
 

#5 Mattias84

Mattias84
  • Topic Starter


Posted 30 March 2017 - 03:31 PM

Thank you Gary. RKill did indeed make FRST work. I recognize some malicious content here.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Marcus (administrator) on MARCUS-DATOR (30-03-2017 22:24:50)
Running from C:\FRST64
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

========================================================

C:\FRST\FRST64.exe => Win32/Suweezy? - moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-30] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-03-24] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-30] (Oracle Corporation)
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {08e929c8-0b20-11e3-ac4a-bcaec5b706e9} - F:\setup.exe -a
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0adb2e07-be32-11e1-8160-bcaec5b706e9} - G:\setup.exe
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0de5ff1d-4bc5-11e0-8d03-806e6f6e6963} - "D:\Diablo III Setup.exe"
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {39bf7aef-83ee-11e0-88b2-bcaec5b706e9} - F:\AutoRunMorrowind.exe
ShellExecuteHooks: No Name - {24006EAC-0D56-11E7-8390-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48C8FF73-05A4-4DF4-9E64-C695A769797B}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48C8FF73-05A4-4DF4-9E64-C695A769797B}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{671ED450-690F-45D6-85B1-93B5A831B33F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F1022BE7-E901-4EBD-8BD8-8EAFA7273B7A}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: HKLM-x32 {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625 [2017-03-30]
FF Extension: (BetterTTV) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\firefox@betterttv.net.xpi [2017-03-24]
FF Extension: (FrankerFaceZ) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2017-03-24]
FF Extension: (uBlock Origin) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\uBlock0@raymondhill.net.xpi [2017-03-24]
FF Extension: (Search by Image for Google) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2017-03-26]
FF Extension: (Site Deployment Checker) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\features\{a0050757-8309-40cc-876c-db8ae03d6c20}\deployment-checker@mozilla.org.xpi [2017-03-29]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-23] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1415005557-2677456784-305995954-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-01] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1415005557-2677456784-305995954-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-23] (Pando Networks)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> youndoo
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-25] <==== ATTENTION
CHR Extension: (BetterTTV) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-08]
CHR Extension: (Adblock Plus) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default [2017-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-31] (BlueStack Systems, Inc.)
R2 cmdagent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-01] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-01] (COMODO)
S4 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-08-31] ()
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579424 2014-04-28] (Echobit LLC)
R2 MBAMService; C:\Program\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-03-24] (Malwarebytes)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-03-24] ()
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-04-28] (Echobit, LLC)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-30] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 TBPanel; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 22:20 - 2017-03-30 22:24 - 00000000 ____D C:\FRST64
2017-03-29 00:10 - 2017-03-29 00:15 - 00243450 _____ C:\Windows\ntbtlog.txt
2017-03-28 23:55 - 2017-03-30 22:23 - 00004060 _____ C:\Users\Marcus\Desktop\Rkill.txt
2017-03-28 23:52 - 2017-03-28 23:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Marcus\Downloads\rkill_2.8.4.0.exe
2017-03-28 23:30 - 2017-03-29 00:06 - 00000000 ____D C:\AdwCleaner
2017-03-28 23:30 - 2017-03-28 23:30 - 04089296 _____ C:\Users\Marcus\Downloads\adwcleaner_6.045.exe
2017-03-28 22:37 - 2017-03-30 22:24 - 00000000 ____D C:\FRST
2017-03-26 06:07 - 2017-03-26 06:08 - 00021766 _____ C:\Users\Marcus\Documents\cc_20170326_060749.reg
2017-03-25 21:27 - 2017-03-25 21:27 - 00000000 _____ C:\Users\Marcus\Desktop\Nytt textdokument.txt
2017-03-25 20:00 - 2017-03-25 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-25 19:59 - 2017-03-25 19:59 - 00000000 ____D C:\Program Files\MalwarebytesAntiRootkit
2017-03-25 19:52 - 2017-03-25 19:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marcus\Downloads\mbar-1.09.3.1001.exe
2017-03-25 03:35 - 2017-03-25 03:35 - 00003066 _____ C:\Windows\system32\.crusader
2017-03-25 02:34 - 2017-03-25 03:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-25 02:34 - 2017-03-25 02:34 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-25 02:32 - 2017-03-25 02:32 - 11581544 _____ (SurfRight B.V.) C:\Users\Marcus\Downloads\HitmanPro_x64.exe
2017-03-25 00:11 - 2017-03-29 02:19 - 00000085 _____ C:\Windows\wininit.ini
2017-03-25 00:04 - 2017-03-25 00:04 - 00766590 _____ C:\Users\Marcus\Documents\cc_20170324_230430.reg
2017-03-24 22:46 - 2017-03-30 21:03 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-24 22:46 - 2017-03-30 11:45 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 22:46 - 2017-03-30 11:45 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-24 22:46 - 2017-03-30 11:45 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-24 22:46 - 2017-03-30 11:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-24 22:46 - 2017-03-25 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-24 22:46 - 2017-03-24 22:46 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-24 22:46 - 2017-03-24 22:46 - 00001775 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-24 22:46 - 2017-03-24 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-24 22:46 - 2017-03-24 22:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 22:38 - 2017-03-24 22:41 - 57131432 _____ (Malwarebytes ) C:\Users\Marcus\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-24 19:59 - 2017-03-24 20:22 - 00000000 ____D C:\Windows\system32\SSL
2017-03-15 23:49 - 2017-03-15 23:49 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 23:49 - 2017-03-15 23:49 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 23:49 - 2017-03-15 23:49 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 23:49 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 23:49 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 23:48 - 2017-03-15 23:48 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 23:48 - 2017-03-15 23:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 23:48 - 2017-03-15 23:48 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 23:48 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 23:48 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 23:47 - 2017-03-15 23:47 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 22:24 - 2011-06-13 20:23 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-03-30 15:03 - 2016-11-18 17:36 - 00000000 ____D C:\Users\Marcus\AppData\LocalLow\Mozilla
2017-03-30 11:58 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 11:58 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 11:44 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 02:25 - 2013-10-20 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-29 02:18 - 2013-10-20 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-29 01:02 - 2009-07-14 07:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-29 00:53 - 2013-04-04 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 00:19 - 2015-11-04 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 00:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 23:42 - 2014-12-12 23:46 - 00030046 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-03-28 21:47 - 2011-07-05 20:31 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\vlc
2017-03-28 11:37 - 2010-11-21 13:38 - 00799910 _____ C:\Windows\system32\perfh01D.dat
2017-03-28 11:37 - 2010-11-21 13:38 - 00189986 _____ C:\Windows\system32\perfc01D.dat
2017-03-28 11:37 - 2009-07-14 07:13 - 01782098 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-27 14:28 - 2015-09-04 13:22 - 00003300 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-27 11:36 - 2013-08-22 21:56 - 00000000 ____D C:\Temp
2017-03-27 10:36 - 2010-11-21 05:27 - 00485032 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-25 00:01 - 2012-07-07 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-24 23:13 - 2015-09-04 13:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-24 23:13 - 2015-09-04 13:23 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-24 22:51 - 2011-03-15 17:33 - 00001417 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-24 22:26 - 2014-09-24 01:27 - 00000000 ____D C:\Users\Marcus\Desktop\Gammal Firefox-data
2017-03-24 20:12 - 2012-06-04 23:39 - 00000000 ____D C:\Spel
2017-03-20 04:56 - 2012-07-02 02:55 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Audacity
2017-03-20 04:50 - 2013-03-30 05:21 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
2017-03-20 03:48 - 2015-12-19 05:31 - 00000000 ____D C:\Users\Marcus\Desktop\Ljud
2017-03-19 22:20 - 2015-01-21 03:12 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2017-03-19 22:20 - 2012-05-16 17:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-19 22:20 - 2012-05-16 17:31 - 00004350 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-19 22:20 - 2011-11-23 21:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-19 22:20 - 2011-11-23 21:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-19 22:20 - 2011-02-18 13:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-16 12:40 - 2012-05-19 00:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-16 12:40 - 2012-05-19 00:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-16 12:40 - 2009-07-14 06:45 - 00284856 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 04:12 - 2014-12-12 18:35 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 04:12 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 04:12 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 04:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 04:07 - 2011-03-21 17:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 04:04 - 2012-05-19 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-04 15:09 - 2012-10-14 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-03-04 15:09 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-04 03:11 - 2011-03-15 17:41 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2011-09-29 19:07 - 2011-09-29 19:07 - 0000032 _____ () C:\Program Files\plugins-04041e-fe8.dat
2012-11-26 21:22 - 2016-08-13 18:36 - 0000027 _____ () C:\Program Files\plugins.dat
2014-06-18 22:34 - 2014-06-18 22:36 - 6010880 _____ () C:\Program Files (x86)\GUT4041.tmp
2014-07-09 19:09 - 2014-07-09 19:13 - 6010880 _____ () C:\Program Files (x86)\GUTDA67.tmp
2011-10-20 19:38 - 2011-10-20 19:39 - 0000258 _____ () C:\Users\Marcus\AppData\Roaming\ANICONFIG_{FB52F7BE-6781-4B79-B003-B466E2D7E271}.ini
2012-06-23 17:49 - 2012-06-23 17:49 - 0000094 _____ () C:\Users\Marcus\AppData\Local\fusioncache.dat
2013-09-25 22:03 - 2014-01-13 16:31 - 0007605 _____ () C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
2011-03-15 17:43 - 2011-03-15 17:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 18:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Marcus (30-03-2017 22:26:27)
Running from C:\FRST64
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-15 15:33:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1415005557-2677456784-305995954-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1415005557-2677456784-305995954-1007 - Limited - Enabled)
Gäst (S-1-5-21-1415005557-2677456784-305995954-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1415005557-2677456784-305995954-1005 - Limited - Enabled)
Marcus (S-1-5-21-1415005557-2677456784-305995954-1000 - Administrator - Enabled) => C:\Users\Marcus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Spore" (HKLM-x32\...\{6D35DF2D-7523-4CB6-9E8F-A1660D9F8637}_is1) (Version: 3.0.0.2818 - )
.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version:  - )
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.2.1.1 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{C1F53C9F-C560-4292-9237-12786FE6BF62}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version:  - Copyright © 2001-2012 Celemony Software GmbH)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - )
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.4.58750.1355 - COMODO Security Solutions Inc.)
Counter-Strike (HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\Counter-Strike) (Version:  - )
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.6.0.10 - GOG.com)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
Dyyno Broadcaster (HKLM-x32\...\Dyyno Broadcaster) (Version:  - Dyyno, Inc.)
Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.3 - Echobit, LLC)
EXPERTool 7.16 (HKLM-x32\...\MySSID_is1) (Version:  - Gainward Co., Ltd)
Fantasy Voice Pack (HKLM-x32\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version:  - GOG.com)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Fritz11 (HKLM-x32\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 11 - ChessBase)
Fritz11 (x32 Version: 11 - ChessBase) Hidden
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Furry Voices for Second Life (HKLM-x32\...\{0DB44859-4112-4946-BE5E-A4275B3FFB5E}) (Version: 1.3.0 - Screaming Bee)
Galactic Voices (HKLM-x32\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Handi (HKLM-x32\...\Handi) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
i-Menu 3.8 (HKLM-x32\...\i-Menu_is1) (Version:  - AOC)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Male Voice Pack (HKLM-x32\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 - Screaming Bee)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klicka-och-kör 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - svenska (HKLM-x32\...\{90140011-0066-041D-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}) (Version: 2.7.5 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Ditt företagsnamn)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 52.0.2 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 sv-SE)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Little Investigations (HKLM-x32\...\MyLittleInvestigations) (Version: 1.0.0 - Equestrian Dreamers)
NVIDIA 3D Vision drivrutin 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22479 - Grinding Gear Games)
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Recettear: An Item Shop's Tale_is1) (Version:  - )
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Legacy Demo version 1.0 (HKLM-x32\...\Rogue Legacy Demo_is1) (Version: 1.0 - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Sci-Fi Voice Pack (HKLM-x32\...\{216E21F4-0489-4311-92D6-20D1FB950FCE}) (Version: 1.3.0 - Screaming Bee)
Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang)
Scrolls (x32 Version: 1.0.0 - Mojang) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.8.0.10 - GOG.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
The Binding Of Isaac - Wrath Of The Lamb version 1.333 (HKLM-x32\...\{3999D318-8FE3-4770-800E-6819F6755C83}_is1) (Version: 1.333 - Edmund McMillen)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
Unity Web Player (HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-drivrutinspaket - ATK (MTsensor) System  (01/21/2008 1043.5.0.0) (HKLM\...\505F021F1B23359ACC152FEFEB18B3C2C5FF82EA) (Version: 01/21/2008 1043.5.0.0 - ATK)
Windows-drivrutinspaket - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
Windows-drivrutinspaket - ATK (MTsensor) System  (10/19/2006 1043.4.0.0) (HKLM\...\0CA7189BDF03FE9EFA6911458ECB1F37C74E4CFD) (Version: 10/19/2006 1043.4.0.0 - ATK)
Windows-drivrutinspaket - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows-drivrutinspaket - Intel hdc  (06/08/2010 7.0.0.1013) (HKLM\...\FF1953CFE4B2D49E4631CEBB994B797CD6869771) (Version: 06/08/2010 7.0.0.1013 - Intel)
Windows-drivrutinspaket - Intel System  (06/08/2010 1.0.0.0002) (HKLM\...\9211BB4F3B42621F5ACA608E4FD9736D7D66A7E3) (Version: 06/08/2010 1.0.0.0002 - Intel)
Windows-drivrutinspaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-drivrutinspaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-drivrutinspaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-drivrutinspaket - Realtek (RTL8169) Net  (12/30/2010 6.246.1230.2010) (HKLM\...\732AF68A4185DF91101684C75BA30B2A50AB34D2) (Version: 12/30/2010 6.246.1230.2010 - Realtek)
Windows-drivrutinspaket - Realtek Semiconductor Corp. HD Audio Driver (02/24/2011 6.0.1.6316) (HKLM\...\DD1FD6132BDF836322F014E2EEF77EAF2EABB69F) (Version: 02/24/2011 6.0.1.6316 - Realtek Semiconductor Corp.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A5DD6C6-611F-415A-8B19-6E10261C90E8} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {884E23FC-56F7-478F-AE63-14B752F87D58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {9200A799-9BD4-496E-BEA1-590271C55516} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {A97F2765-71ED-4B2D-B4ED-542F85D52FE1} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {BE1671E1-1D90-4E15-A04C-1BE9AEAE1DCF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {C8ADC6FD-4D50-472C-A4DA-2D17A3AEE107} - \{050E0B47-7E0E-780C-0A11-09050A79110E} -> No File <==== ATTENTION
Task: {CD46EBCF-EE25-4364-AA4E-17D2E1BEA74A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {D3C5353A-074D-4E74-9409-874C4D3D6716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DC118A7B-CB55-488B-8166-88FCC554B89C} - System32\Tasks\{78339AC3-47B9-46EC-A96C-2810D5B233AB} => pcalua.exe -a C:\Setupfiler\daemon-tools.exe -d C:\Users\Marcus\Desktop
Task: {DD6ABE0A-A08C-4CEC-AB58-5D0022CE0E3B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-30] (COMODO)
Task: {E05EF6FA-3805-43DA-92E1-4E5DA9FC935A} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {F6EB21FF-C176-4673-996C-6B8E7499E268} - System32\Tasks\Alarm Clock => C:\Users\Marcus\Documents\Mattias\myopoutro.wav [2015-01-18] ()
Task: {F6EDB6A6-36CC-42EE-ACDB-8936982A4799} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {FBFC1D70-15EE-4F35-94A6-6A3C3A09836A} - System32\Tasks\{768EF6F3-D005-44B4-8F40-612D79A43599} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/10

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-07-05 20:22 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-03-24 22:46 - 2017-03-24 22:46 - 02264352 _____ () C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-24 22:46 - 2017-03-24 22:46 - 02264528 _____ () C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-10-30 22:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Desktop\59e8ca467eba951bf75fc62879982a38.webm:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Desktop\59e8ca467eba951bf75fc62879982a38.webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\78c7e30d2976b8fc0556f9fd25f876ce.webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\bockey.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\ClickerHeroes_v6769.swf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\maridia.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\Misc Cartoons - Bjornes Magasin Theme (Pro).gp5:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Desktop\Misc Cartoons - Bjornes Magasin Theme (Pro).gp5:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\Misc Television - Benny Hill Yakety Sax (power tab).ptb:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Desktop\Misc Television - Benny Hill Yakety Sax (power tab).ptb:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\Niji no Silkroad FAQ_Walkthrough for NES by enigmaopoeia - GameFAQs.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Desktop\Zelda's Lullaby - jeffersonian.mid:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Desktop\Zelda's Lullaby - jeffersonian.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\10308130_10201267247118947_1252060997705063121_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\10859478_4991475720407_306375846_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\10924821_10200175834954325_5231791396673580453_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\10928619_10200174786888124_1325861142_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\10965253_10200282171492672_1226724545_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\11062038_10200431089415527_1009982493938724365_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\11121759_10200468477790213_397634202_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\11350095_10200694714085979_169740253_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\11721274_10200809886125208_402636928_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\11756632_10200800169922309_319085236_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12495026_10201274966591929_8041165069211901385_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12509071_10201314249573979_8415694479388891329_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12512826_10201275481724807_5200156723101867415_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12644650_10201332146981403_5310552871512379804_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12651226_10201356610232969_3250841662129829476_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\12931094_10201613773941901_4777843676247307510_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\1994-02-21 Royal Berks Social Club, Reading , UK (Speed Corrected) (.flac).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\1995-11-05 Nottingham, rock city (ecm909).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\1995-12-04 Paradiso Amsterdam, Holland DAT (zomb, dime) (.flac).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\285020_10150260285687584_3431176_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\3-2.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\35248_1423485321224_1876915_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\379608_3206249970879_2038104901_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\387740_10150440402431674_1560692094_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\390966_10150440401741674_1802007622_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\549734_4021027658159_1545306168_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\550318_3051884831847_1935695448_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\557978_3051871991526_23439360_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\7fe6041d8d34575babfecb77ae91ddd9.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\957Dyn.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\9d5abef11df8f24d91708a5f7d9f1d2f.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\adwcleaner_6.045.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\AM2R_10.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\AM2R_10.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\anarchy.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\AngelThump.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Bach_-_WTC_I,_Prelude_in_D_Major_ii-V-I.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\BAD APPLE!! Piano version (1).mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\BankID_installation_7_2_1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\BankID_installation_7_2_1.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Batman2_-_GothamInDanger (1).mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\BlankDream105.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\bloodhound-1-645mk070411.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\BlueStacks-ThinInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Boerboel_head.jpg:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\Boerboel_head.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\CaptBeyond-liveanth-5x5.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\d21vu35cjx7sd4.cloudfront.net.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Difang Duana (Kuo Ying-nan) and Igay Duana (Kuo Hsiu-chu)  )-Jubilant Drinking Song www.mp3lio.net .mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\Difang Duana (Kuo Ying-nan) and Igay Duana (Kuo Hsiu-chu)  )-Jubilant Drinking Song www.mp3lio.net .mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\foobar2000_v1.3.7.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\foobar2000_v1.3.7.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\forsenlol.csv:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\forsenlol.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\French-Bulldog-pros-and-cons-000.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Heroes of Might & Magic 2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\HitmanPro_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\HitmanPro_x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\images.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\IMG_00002192.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\jre-8u91-windows-i586-iftw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\jre-8u91-windows-i586-iftw.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\justin.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\mbar-1.09.3.1001.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\Marcus\Downloads\mbar-1.09.3.1001.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Misc Computer Games - F-zero Gx - Big Blue (Pro).gp5:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\MLP-FIM.S04E13.Simple.Ways-Ponyship.CC.mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\MLP-FIM.S04E13.Simple.Ways-Ponyship.CC.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\MLP-FIM.S04E14.Filli.Vanilli-Ponyship.CC.mp4:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\MLP-FIM.S04E14.Filli.Vanilli-Ponyship.CC.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Mozart-_Coda-_Sonata_in_C_Major,_K._309,_I (1).mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Mozart-_Coda-_Sonata_in_C_Major,_K._309,_I.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\MyLittleInvestigationsInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Pantera - Floods (Pro).gp5:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Pearl Jam - In Hiding (Pro).gp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Progresión_quintas.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\qbittorrent_3.3.3_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Marcus\Downloads\qbittorrent_3.3.3_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\r9013.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\rkill_2.8.4.0.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\RPGVXAce_RTP.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Schezwan Sauce (Chinese) Recipe.rtf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Scorpions - Rock You Like A Hurricane (Pro).gp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Shoyonoido_Mako-chan_-_Episode_02.mpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\SkypeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Snarling-Gray-Wolf-006.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\spikesleep2thelook.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Tom Petty - I Wont Back Down (Pro).gp5:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Touhou Project - Bad Apple (Pro).gp5:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\Vi-ii-V-I_in_C.mid:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\VLDC Scores.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Downloads\wolf-01.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\beforecrazy.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\BeforeFifthTrancension.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\BeforeFourthTrancend.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\beforesecondtrancend.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\BeforethirdTrancend.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\Bleh.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHero Before dumping.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave backup.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave1.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave2.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave3.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave4.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave5.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave6.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSave8.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSaveBeforelastrespec.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSaveBeforeTrancend.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSavel.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSaveOptim.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\clickerHeroSaveReSpec.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Marcus\Documents\rng.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7934 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-03-25 00:25 - 00454408 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15593 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: Dyyno Launcher => 2
MSCONFIG\Services: EvoSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
MSCONFIG\startupreg: GAINWARD => C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
MSCONFIG\startupreg: Google Update => "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Unattend0000000001{BD0602BF-1C7D-412B-8C7F-5851F6B5E995} => c:\komplett\bakgrunn.vbs

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F41F742-98C4-4155-A7E6-05AFF28F763B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62F2FFA7-66C3-4908-8AFD-D8032788E65D}] => (Allow) LPort=2869
FirewallRules: [{D69F2543-C6AC-4B43-B996-0C3627097B78}] => (Allow) LPort=1900
FirewallRules: [{FF04C998-E35D-4EBB-B45B-54D6FFD17C78}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0C9E0917-C499-4F49-AAEF-11F331F90816}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{90B051DE-43BD-4C79-B595-01E6F23320AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DD0725F5-6769-4403-8A0E-9037FDEB79BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D3F1BBCE-5B94-4627-BB76-095D2B025CD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{8DE01452-15FB-495F-92FB-58711ADA6AD3}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dppm_source.exe
FirewallRules: [{16A4E380-5CC7-45E4-AAA6-9DA0D4C8D93F}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dppm_source.exe
FirewallRules: [{DB154668-25AB-4F30-A25A-85DE5373A165}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dgcsrv.exe
FirewallRules: [{E175A785-1EAB-423B-9878-83DD795BB3E9}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dgcsrv.exe
FirewallRules: [TCP Query User{83DD0FCE-F52D-4830-81DE-A0001DEA3026}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [UDP Query User{C59B7940-5966-41CB-BD96-62BB17C366E7}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [{74868F37-6055-4AAB-AF66-427E48554B19}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{19245853-92EE-448A-B4F5-24675A76ADFA}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A663E0DD-F5D1-46AA-BA21-2A81F3FE7CB9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8514A522-4D89-4A0A-A153-E57722AE6FE9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B4624D40-936E-447A-BB9D-AC63E59A0C04}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C222314B-DBB8-4943-B8BA-7BF3BE65B33F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{56B04139-8918-471F-8C61-B7226822C47C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{512B20CF-D533-48E7-ADC3-4BE002797E62}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD9D32C4-CF07-4B55-811A-E60760DA70C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{ED33161D-9FC2-487B-B45D-947793AA95EE}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [UDP Query User{4C1FDBE0-52BB-443F-AE36-3DDC0844F39D}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [TCP Query User{C0839A93-D390-4402-8AA3-3330D0B463F5}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{DBC203B1-C9AD-48F9-931C-DECA312ADEE6}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [{015C6C67-9701-47FD-B242-4ADD380C2B68}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2ABA2178-DEEA-42C3-B195-62AC311A5C62}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{30660E67-B9D9-45AF-B231-F6757CD6D4C3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EDD1FD29-04CB-4790-998C-2E99E5291D8C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{683058F6-A7D9-45EC-A1F3-9D86664C73C5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{390D4E95-F40C-4C6D-A480-292CE58DCC96}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{45D9D8F3-1E53-4E58-BA63-C4EFCC63C2D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Closure\Closure.exe
FirewallRules: [{DB767426-D883-4883-81A5-53A8F1803872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Closure\Closure.exe
FirewallRules: [{EDFDE5D6-54B0-4A56-AEA4-B04BA6FF331E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{C8281384-2F9B-47B8-9F40-4FA9A8C05F82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{19B2F872-1364-4905-AEF6-CD644FD64254}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{97232E7B-22BF-462A-81EE-A1150D3BBE5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{0D8CEB5B-FB3D-432A-9404-375DA5BB32EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{CA93F5D2-20B1-4B0A-B703-453585803236}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{F8205913-1DD8-41CF-AB57-69C7D582A4C3}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{7BF45503-338E-494A-BBA3-D172FF92B02E}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{85C3553C-C891-4175-8704-2FB3030375F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{50F476F9-C7E8-4C22-8EA4-547D9B184FC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{337A6493-FB9E-478D-9021-32DE1E468DAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0265E9AA-D0DB-4B9B-8A14-3892B17BDC40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{778C278E-F4C9-4B52-BF27-390E575F12F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9B9B46D9-3988-4D7C-892C-88888A7C6F94}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{124F37B1-1FA8-433A-A031-1F6784D6AE96}] => (Allow) C:\Spel\Spore\SporeBin\SporeApp.exe
FirewallRules: [{6B1D0515-189C-444A-99C2-2428B7F352D7}] => (Allow) C:\Spel\Spore\SporeBin\SporeApp.exe
FirewallRules: [{FCDCD580-1376-4D89-8E7F-23F612BEE5FF}] => (Allow) C:\Spel\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{8E3025D0-3C64-4A48-8537-8F7448513ED3}] => (Allow) C:\Spel\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{D5F710E0-89AD-4D76-909A-1530B99F3BD2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F08E5C80-405F-4070-BECF-81FEF397DAC3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{76378383-A58C-4EB6-99CF-EC64AF86F398}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B636D2-4A28-4283-BE5B-B8A35000BDDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7BA39236-0D9E-4F55-B345-6CC55E4C0F78}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{CFA3A457-EBDC-44E7-B9E8-5FB961832792}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [TCP Query User{2F016D74-E150-4C38-885D-0D549EFE98CB}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{BE3E3B17-FCDB-43A4-9600-D2AED85949E0}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{D1A50C41-1E3E-477C-97D1-CC32FAEBBA74}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{CBE5346F-4230-4861-A2E0-96D30598EEA7}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{C7E483FD-8C15-43EA-A112-0C1CAC3B2CE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{3C709B45-8691-4176-8CAF-47FD7DD2C096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{8E0263ED-1DB2-44C2-BC73-3AE64398404E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{542CBD61-09E6-4AEE-A00E-FF035E6F6D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{321DD50D-3D17-4B73-B214-59C5F3526237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE8E4328-BCEE-4848-AF3C-BD1864148BB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A3CA317-A642-4EAB-86ED-5BD3D1809998}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{892D4E78-0129-4EFF-A2BD-E3CD209655BF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{87B6D41B-857D-472D-A529-BF1E1C6319FD}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Block) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{7D5986CD-D26B-4B66-B80F-C9BC567977A5}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Block) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{F76C83FB-287C-4033-9439-9B3E054FA660}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{FC4CFD02-57FC-4477-893B-44A0759239E7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{9B57BE69-C741-4AE0-BE33-EE4ACD719B5C}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [UDP Query User{A3FF3537-FD06-49F4-A254-E0D9FE021335}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [{724B515A-009C-43E9-AC4E-26F1D420A179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{A31C2248-6DFE-44EA-A808-B707EA1BBBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{65D3ABD4-4133-4CCE-AC7A-38435606310F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3D7692C6-2BBB-4CCF-B78E-D3EC5609D93C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{76F8D05C-A6BD-4502-A816-DB393A80CAEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{7CCDA5C3-D3C2-47C3-A51A-2E9ED38B5F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{3CC0DE81-2A1B-4E37-95F1-B6D02FB4F7C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{DD04A714-C00B-4A05-80D4-C37CB343F3ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

==================== Restore Points =========================

08-03-2017 00:33:31 Schemalagd kontrollpunkt
16-03-2017 04:00:22 Windows Update
25-03-2017 03:29:39 Checkpoint by HitmanPro
25-03-2017 03:35:27 Checkpoint by HitmanPro
27-03-2017 10:34:30 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 11:46:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 07:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: firefox.exe, version 52.0.2.6291, tidsstämpel 0x58d41a2d
, felet uppstod i modulen med namn: mozglue.dll, version 52.0.2.6291, tidsstämpel 0x58d41a1f
Undantagskod: 0x80000003
Felförskjutning: 0x0000f73b
Process-ID: 0x544
Programmets starttid: 0x01d2a8b0b52f82f5
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: 5426c860-14a4-11e7-b5ee-bcaec5b706e9

Error: (03/29/2017 07:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 52.0.2.6291, tidsstämpel 0x58d41e88
, felet uppstod i modulen med namn: mozglue.dll, version 52.0.2.6291, tidsstämpel 0x58d41a1f
Undantagskod: 0x80000003
Felförskjutning: 0x0000f73b
Process-ID: 0x1084
Programmets starttid: 0x01d2a8b0e8720ecb
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: 4b717fab-14a4-11e7-b5ee-bcaec5b706e9

Error: (03/29/2017 05:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 02:34:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 02:27:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:54:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 12:54:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 12:18:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/29/2017 01:55:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 01:55:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.

Error: (03/29/2017 01:54:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 01:54:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.

Error: (03/29/2017 01:04:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 01:04:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.

Error: (03/29/2017 01:03:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 01:03:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.

Error: (03/29/2017 12:54:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 12:54:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 4062.05 MB
Available physical RAM: 1367.08 MB
Total Virtual: 8122.29 MB
Available Virtual: 5164.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:125.85 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1A3016C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 Oh My!


Posted 30 March 2017 - 03:55 PM

Great,

While I am reviewing the logs, could you post the RKill report?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Mattias84


Posted 30 March 2017 - 04:00 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/30/2017 10:19:42 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * TBS [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found:


  20 out of 15625 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/30/2017 10:23:53 PM
Execution time: 0 hours(s), 4 minute(s), and 11 seconds(s)
 



#8 Oh My!


Posted 30 March 2017 - 04:16 PM

Thank you for the information.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {08e929c8-0b20-11e3-ac4a-bcaec5b706e9} - F:\setup.exe -a
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0adb2e07-be32-11e1-8160-bcaec5b706e9} - G:\setup.exe
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0de5ff1d-4bc5-11e0-8d03-806e6f6e6963} - "D:\Diablo III Setup.exe"
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {39bf7aef-83ee-11e0-88b2-bcaec5b706e9} - F:\AutoRunMorrowind.exe
ShellExecuteHooks: No Name - {24006EAC-0D56-11E7-8390-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
CHR HomePage: ChromeDefaultData -> hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> youndoo
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-25] <==== ATTENTION
2017-03-25 00:11 - 2017-03-29 02:19 - 00000085 _____ C:\Windows\wininit.ini
2017-03-24 19:59 - 2017-03-24 20:22 - 00000000 ____D C:\Windows\system32\SSL
Task: {C8ADC6FD-4D50-472C-A4DA-2D17A3AEE107} - \{050E0B47-7E0E-780C-0A11-09050A79110E} -> No File <==== ATTENTION
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • After your computer reboots attempt to run a FRST scan without first running RKill
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST scan?

Gary
 

#9 Mattias84


Posted 30 March 2017 - 04:36 PM

Thank you so much for the help. FRST scan is working without running RKill. Here are the Fixlog and FRST scan results.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Marcus (30-03-2017 23:22:26) Run:1
Running from C:\FRST64
Loaded Profiles: Marcus (Available Profiles: Marcus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {08e929c8-0b20-11e3-ac4a-bcaec5b706e9} - F:\setup.exe -a
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0adb2e07-be32-11e1-8160-bcaec5b706e9} - G:\setup.exe
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {0de5ff1d-4bc5-11e0-8d03-806e6f6e6963} - "D:\Diablo III Setup.exe"
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\MountPoints2: {39bf7aef-83ee-11e0-88b2-bcaec5b706e9} - F:\AutoRunMorrowind.exe
ShellExecuteHooks: No Name - {24006EAC-0D56-11E7-8390-64006A5CFC23} -  -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1415005557-2677456784-305995954-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
CHR HomePage: ChromeDefaultData -> hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.youndoo.com/?z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.youndoo.com/search/?q={searchTerms}&z=97772902e52797de2bda7c8g3z3t9e7c7mebbwec9z&from=wak&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUA30144401444&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> youndoo
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-25] <==== ATTENTION
2017-03-25 00:11 - 2017-03-29 02:19 - 00000085 _____ C:\Windows\wininit.ini
2017-03-24 19:59 - 2017-03-24 20:22 - 00000000 ____D C:\Windows\system32\SSL
Task: {C8ADC6FD-4D50-472C-A4DA-2D17A3AEE107} - \{050E0B47-7E0E-780C-0A11-09050A79110E} -> No File <==== ATTENTION
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08e929c8-0b20-11e3-ac4a-bcaec5b706e9} => key removed successfully
HKCR\CLSID\{08e929c8-0b20-11e3-ac4a-bcaec5b706e9} => key not found.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0adb2e07-be32-11e1-8160-bcaec5b706e9} => key removed successfully
HKCR\CLSID\{0adb2e07-be32-11e1-8160-bcaec5b706e9} => key not found.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de5ff1d-4bc5-11e0-8d03-806e6f6e6963} => key removed successfully
HKCR\CLSID\{0de5ff1d-4bc5-11e0-8d03-806e6f6e6963} => key not found.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39bf7aef-83ee-11e0-88b2-bcaec5b706e9} => key removed successfully
HKCR\CLSID\{39bf7aef-83ee-11e0-88b2-bcaec5b706e9} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{24006EAC-0D56-11E7-8390-64006A5CFC23} => value removed successfully
HKCR\CLSID\{24006EAC-0D56-11E7-8390-64006A5CFC23} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key removed successfully
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value removed successfully
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => key not found.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
C:\Windows\wininit.ini => moved successfully
C:\Windows\system32\SSL => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8ADC6FD-4D50-472C-A4DA-2D17A3AEE107} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8ADC6FD-4D50-472C-A4DA-2D17A3AEE107} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{050E0B47-7E0E-780C-0A11-09050A79110E} => key removed successfully


The system needed a reboot.

==== End of Fixlog 23:24:03 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Marcus (administrator) on MARCUS-DATOR (30-03-2017 23:29:41)
Running from C:\FRST64
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-30] (COMODO)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-03-24] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-30] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48C8FF73-05A4-4DF4-9E64-C695A769797B}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48C8FF73-05A4-4DF4-9E64-C695A769797B}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{671ED450-690F-45D6-85B1-93B5A831B33F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{F1022BE7-E901-4EBD-8BD8-8EAFA7273B7A}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: HKLM-x32 {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625 [2017-03-30]
FF Extension: (BetterTTV) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\firefox@betterttv.net.xpi [2017-03-24]
FF Extension: (FrankerFaceZ) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2017-03-24]
FF Extension: (uBlock Origin) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\uBlock0@raymondhill.net.xpi [2017-03-24]
FF Extension: (Search by Image for Google) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2017-03-26]
FF Extension: (Site Deployment Checker) - C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\wapczp0u.default-1490387188625\features\{a0050757-8309-40cc-876c-db8ae03d6c20}\deployment-checker@mozilla.org.xpi [2017-03-29]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-29] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-23] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1415005557-2677456784-305995954-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-01] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1415005557-2677456784-305995954-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-06-23] (Pando Networks)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default [2017-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-05] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-31] (BlueStack Systems, Inc.)
R2 cmdagent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-01] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-01] (COMODO)
S4 Dyyno Launcher; C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [415072 2011-08-31] ()
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579424 2014-04-28] (Echobit LLC)
R2 MBAMService; C:\Program\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-03-24] (Malwarebytes)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-03-24] ()
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-04-28] (Echobit, LLC)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-30] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1119072 2010-05-05] (Ralink Technology Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 TBPanel; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 22:20 - 2017-03-30 23:24 - 00000000 ____D C:\FRST64
2017-03-29 00:10 - 2017-03-29 00:15 - 00243450 _____ C:\Windows\ntbtlog.txt
2017-03-28 23:55 - 2017-03-30 22:23 - 00004060 _____ C:\Users\Marcus\Desktop\Rkill.txt
2017-03-28 23:52 - 2017-03-28 23:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Marcus\Downloads\rkill_2.8.4.0.exe
2017-03-28 23:30 - 2017-03-29 00:06 - 00000000 ____D C:\AdwCleaner
2017-03-28 23:30 - 2017-03-28 23:30 - 04089296 _____ C:\Users\Marcus\Downloads\adwcleaner_6.045.exe
2017-03-28 22:37 - 2017-03-30 23:29 - 00000000 ____D C:\FRST
2017-03-26 06:07 - 2017-03-26 06:08 - 00021766 _____ C:\Users\Marcus\Documents\cc_20170326_060749.reg
2017-03-25 21:27 - 2017-03-25 21:27 - 00000000 _____ C:\Users\Marcus\Desktop\Nytt textdokument.txt
2017-03-25 20:00 - 2017-03-25 21:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-25 19:59 - 2017-03-25 19:59 - 00000000 ____D C:\Program Files\MalwarebytesAntiRootkit
2017-03-25 19:52 - 2017-03-25 19:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Marcus\Downloads\mbar-1.09.3.1001.exe
2017-03-25 03:35 - 2017-03-25 03:35 - 00003066 _____ C:\Windows\system32\.crusader
2017-03-25 02:34 - 2017-03-25 03:36 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-25 02:34 - 2017-03-25 02:34 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-25 02:32 - 2017-03-25 02:32 - 11581544 _____ (SurfRight B.V.) C:\Users\Marcus\Downloads\HitmanPro_x64.exe
2017-03-25 00:04 - 2017-03-25 00:04 - 00766590 _____ C:\Users\Marcus\Documents\cc_20170324_230430.reg
2017-03-24 22:46 - 2017-03-30 23:26 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-24 22:46 - 2017-03-30 23:26 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-24 22:46 - 2017-03-30 23:26 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-24 22:46 - 2017-03-30 23:26 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-24 22:46 - 2017-03-30 23:26 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-24 22:46 - 2017-03-25 20:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-24 22:46 - 2017-03-24 22:46 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-24 22:46 - 2017-03-24 22:46 - 00001775 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-24 22:46 - 2017-03-24 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-24 22:46 - 2017-03-24 22:46 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-24 22:38 - 2017-03-24 22:41 - 57131432 _____ (Malwarebytes ) C:\Users\Marcus\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 23:49 - 2017-03-15 23:49 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 23:49 - 2017-03-15 23:49 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 23:49 - 2017-03-15 23:49 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 23:49 - 2017-03-15 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 23:49 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 23:49 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 23:48 - 2017-03-15 23:48 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 23:48 - 2017-03-15 23:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 23:48 - 2017-03-15 23:48 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 23:48 - 2017-03-15 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 23:48 - 2017-03-15 23:48 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 23:48 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 23:48 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 23:47 - 2017-03-15 23:47 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-15 23:47 - 2017-03-15 23:47 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 23:27 - 2016-11-18 17:36 - 00000000 ____D C:\Users\Marcus\AppData\LocalLow\Mozilla
2017-03-30 23:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 23:24 - 2011-06-13 20:23 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-03-30 11:58 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 11:58 - 2009-07-14 06:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-29 02:25 - 2013-10-20 22:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-29 02:18 - 2013-10-20 22:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-29 01:02 - 2009-07-14 07:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-29 00:53 - 2013-04-04 13:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 00:19 - 2015-11-04 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 00:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-28 23:42 - 2014-12-12 23:46 - 00030046 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-03-28 21:47 - 2011-07-05 20:31 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\vlc
2017-03-28 11:37 - 2010-11-21 13:38 - 00799910 _____ C:\Windows\system32\perfh01D.dat
2017-03-28 11:37 - 2010-11-21 13:38 - 00189986 _____ C:\Windows\system32\perfc01D.dat
2017-03-28 11:37 - 2009-07-14 07:13 - 01782098 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-27 14:28 - 2015-09-04 13:22 - 00003300 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-27 11:36 - 2013-08-22 21:56 - 00000000 ____D C:\Temp
2017-03-27 10:36 - 2010-11-21 05:27 - 00485032 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-03-25 00:01 - 2012-07-07 18:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-24 23:13 - 2015-09-04 13:23 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-24 23:13 - 2015-09-04 13:23 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-24 22:51 - 2011-03-15 17:33 - 00001417 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-24 22:26 - 2014-09-24 01:27 - 00000000 ____D C:\Users\Marcus\Desktop\Gammal Firefox-data
2017-03-24 20:12 - 2012-06-04 23:39 - 00000000 ____D C:\Spel
2017-03-20 04:56 - 2012-07-02 02:55 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Audacity
2017-03-20 04:50 - 2013-03-30 05:21 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Celemony Software GmbH
2017-03-20 03:48 - 2015-12-19 05:31 - 00000000 ____D C:\Users\Marcus\Desktop\Ljud
2017-03-19 22:20 - 2015-01-21 03:12 - 00000000 ____D C:\Users\Marcus\AppData\Local\Adobe
2017-03-19 22:20 - 2012-05-16 17:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-19 22:20 - 2012-05-16 17:31 - 00004350 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-19 22:20 - 2011-11-23 21:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-19 22:20 - 2011-11-23 21:05 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-19 22:20 - 2011-02-18 13:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-16 12:40 - 2012-05-19 00:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-16 12:40 - 2012-05-19 00:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-16 12:40 - 2009-07-14 06:45 - 00284856 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-16 04:12 - 2014-12-12 18:35 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 04:12 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 04:12 - 2013-08-15 03:02 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 04:12 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 04:07 - 2011-03-21 17:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 04:04 - 2012-05-19 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-04 15:09 - 2012-10-14 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-03-04 15:09 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-04 03:11 - 2011-03-15 17:41 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2011-09-29 19:07 - 2011-09-29 19:07 - 0000032 _____ () C:\Program Files\plugins-04041e-fe8.dat
2012-11-26 21:22 - 2016-08-13 18:36 - 0000027 _____ () C:\Program Files\plugins.dat
2014-06-18 22:34 - 2014-06-18 22:36 - 6010880 _____ () C:\Program Files (x86)\GUT4041.tmp
2014-07-09 19:09 - 2014-07-09 19:13 - 6010880 _____ () C:\Program Files (x86)\GUTDA67.tmp
2011-10-20 19:38 - 2011-10-20 19:39 - 0000258 _____ () C:\Users\Marcus\AppData\Roaming\ANICONFIG_{FB52F7BE-6781-4B79-B003-B466E2D7E271}.ini
2012-06-23 17:49 - 2012-06-23 17:49 - 0000094 _____ () C:\Users\Marcus\AppData\Local\fusioncache.dat
2013-09-25 22:03 - 2014-01-13 16:31 - 0007605 _____ () C:\Users\Marcus\AppData\Local\Resmon.ResmonCfg
2011-03-15 17:43 - 2011-03-15 17:43 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 18:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Marcus (30-03-2017 23:32:20)
Running from C:\FRST64
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-15 15:33:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-1415005557-2677456784-305995954-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1415005557-2677456784-305995954-1007 - Limited - Enabled)
Gäst (S-1-5-21-1415005557-2677456784-305995954-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1415005557-2677456784-305995954-1005 - Limited - Enabled)
Marcus (S-1-5-21-1415005557-2677456784-305995954-1000 - Administrator - Enabled) => C:\Users\Marcus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Spore" (HKLM-x32\...\{6D35DF2D-7523-4CB6-9E8F-A1660D9F8637}_is1) (Version: 3.0.0.2818 - )
.sol Editor 1.1.0.1 (HKLM-x32\...\.sol Editor) (Version: 1.1.0.1 - alexisisaac.net)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version:  - )
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.2.1.1 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{C1F53C9F-C560-4292-9237-12786FE6BF62}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version:  - Copyright © 2001-2012 Celemony Software GmbH)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - )
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.4.58750.1355 - COMODO Security Solutions Inc.)
Counter-Strike (HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\Counter-Strike) (Version:  - )
Creatures of Darkness (HKLM-x32\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.6.0.10 - GOG.com)
Deep Space Voices (HKLM-x32\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Duck Game (HKLM-x32\...\Steam App 312530) (Version:  - Landon Podbielski)
Dyyno Broadcaster (HKLM-x32\...\Dyyno Broadcaster) (Version:  - Dyyno, Inc.)
Easy Auto Clicker (HKLM-x32\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.3 - Echobit, LLC)
EXPERTool 7.16 (HKLM-x32\...\MySSID_is1) (Version:  - Gainward Co., Ltd)
Fantasy Voice Pack (HKLM-x32\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version:  - GOG.com)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
foobar2000 v1.3.7 (HKLM-x32\...\foobar2000) (Version: 1.3.7 - Peter Pawlowski)
Fritz11 (HKLM-x32\...\{1A637513-CC46-4C3B-8114-1E4F1D71CF42}) (Version: 11 - ChessBase)
Fritz11 (x32 Version: 11 - ChessBase) Hidden
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
Furry Voices for Second Life (HKLM-x32\...\{0DB44859-4112-4946-BE5E-A4275B3FFB5E}) (Version: 1.3.0 - Screaming Bee)
Galactic Voices (HKLM-x32\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Handi (HKLM-x32\...\Handi) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
i-Menu 3.8 (HKLM-x32\...\i-Menu_is1) (Version:  - AOC)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Male Voice Pack (HKLM-x32\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 - Screaming Bee)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klicka-och-kör 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - svenska (HKLM-x32\...\{90140011-0066-041D-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MorphVOX Junior (HKLM-x32\...\{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}) (Version: 2.7.5 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Ditt företagsnamn)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 52.0.2 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 sv-SE)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Little Investigations (HKLM-x32\...\MyLittleInvestigations) (Version: 1.0.0 - Equestrian Dreamers)
NVIDIA 3D Vision drivrutin 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22479 - Grinding Gear Games)
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Recettear: An Item Shop's Tale (HKLM-x32\...\Recettear: An Item Shop's Tale_is1) (Version:  - )
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Legacy Demo version 1.0 (HKLM-x32\...\Rogue Legacy Demo_is1) (Version: 1.0 - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Sci-Fi Voice Pack (HKLM-x32\...\{216E21F4-0489-4311-92D6-20D1FB950FCE}) (Version: 1.3.0 - Screaming Bee)
Scrolls (HKLM-x32\...\Scrolls 1.0.0) (Version: 1.0.0 - Mojang)
Scrolls (x32 Version: 1.0.0 - Mojang) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.8.0.10 - GOG.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
The Binding Of Isaac - Wrath Of The Lamb version 1.333 (HKLM-x32\...\{3999D318-8FE3-4770-800E-6819F6755C83}_is1) (Version: 1.333 - Edmund McMillen)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
Unity Web Player (HKU\S-1-5-21-1415005557-2677456784-305995954-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-drivrutinspaket - ATK (MTsensor) System  (01/21/2008 1043.5.0.0) (HKLM\...\505F021F1B23359ACC152FEFEB18B3C2C5FF82EA) (Version: 01/21/2008 1043.5.0.0 - ATK)
Windows-drivrutinspaket - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
Windows-drivrutinspaket - ATK (MTsensor) System  (10/19/2006 1043.4.0.0) (HKLM\...\0CA7189BDF03FE9EFA6911458ECB1F37C74E4CFD) (Version: 10/19/2006 1043.4.0.0 - ATK)
Windows-drivrutinspaket - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows-drivrutinspaket - Intel hdc  (06/08/2010 7.0.0.1013) (HKLM\...\FF1953CFE4B2D49E4631CEBB994B797CD6869771) (Version: 06/08/2010 7.0.0.1013 - Intel)
Windows-drivrutinspaket - Intel System  (06/08/2010 1.0.0.0002) (HKLM\...\9211BB4F3B42621F5ACA608E4FD9736D7D66A7E3) (Version: 06/08/2010 1.0.0.0002 - Intel)
Windows-drivrutinspaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-drivrutinspaket - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows-drivrutinspaket - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows-drivrutinspaket - Realtek (RTL8169) Net  (12/30/2010 6.246.1230.2010) (HKLM\...\732AF68A4185DF91101684C75BA30B2A50AB34D2) (Version: 12/30/2010 6.246.1230.2010 - Realtek)
Windows-drivrutinspaket - Realtek Semiconductor Corp. HD Audio Driver (02/24/2011 6.0.1.6316) (HKLM\...\DD1FD6132BDF836322F014E2EEF77EAF2EABB69F) (Version: 02/24/2011 6.0.1.6316 - Realtek Semiconductor Corp.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A5DD6C6-611F-415A-8B19-6E10261C90E8} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {884E23FC-56F7-478F-AE63-14B752F87D58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {9200A799-9BD4-496E-BEA1-590271C55516} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {A97F2765-71ED-4B2D-B4ED-542F85D52FE1} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {BE1671E1-1D90-4E15-A04C-1BE9AEAE1DCF} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {CD46EBCF-EE25-4364-AA4E-17D2E1BEA74A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {D3C5353A-074D-4E74-9409-874C4D3D6716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DC118A7B-CB55-488B-8166-88FCC554B89C} - System32\Tasks\{78339AC3-47B9-46EC-A96C-2810D5B233AB} => pcalua.exe -a C:\Setupfiler\daemon-tools.exe -d C:\Users\Marcus\Desktop
Task: {DD6ABE0A-A08C-4CEC-AB58-5D0022CE0E3B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-30] (COMODO)
Task: {E05EF6FA-3805-43DA-92E1-4E5DA9FC935A} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {F6EB21FF-C176-4673-996C-6B8E7499E268} - System32\Tasks\Alarm Clock => C:\Users\Marcus\Documents\Mattias\myopoutro.wav [2015-01-18] ()
Task: {F6EDB6A6-36CC-42EE-ACDB-8936982A4799} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-10-01] (COMODO)
Task: {FBFC1D70-15EE-4F35-94A6-6A3C3A09836A} - System32\Tasks\{768EF6F3-D005-44B4-8F40-612D79A43599} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/10

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-07-05 20:22 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2017-03-24 22:46 - 2017-03-24 22:46 - 02264352 _____ () C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-24 22:46 - 2017-03-24 22:46 - 02264528 _____ () C:\PROGRAM\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-10-30 22:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chajei.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10.IME:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imkr80.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\phon.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quick.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tintlgnt.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7934 more sites.


There are 7934 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-03-25 00:25 - 00454408 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15593 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1415005557-2677456784-305995954-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: DeviceMonitorService => 2
MSCONFIG\Services: Dyyno Launcher => 2
MSCONFIG\Services: EvoSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
MSCONFIG\startupreg: GAINWARD => C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
MSCONFIG\startupreg: Google Update => "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Unattend0000000001{BD0602BF-1C7D-412B-8C7F-5851F6B5E995} => c:\komplett\bakgrunn.vbs

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F41F742-98C4-4155-A7E6-05AFF28F763B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62F2FFA7-66C3-4908-8AFD-D8032788E65D}] => (Allow) LPort=2869
FirewallRules: [{D69F2543-C6AC-4B43-B996-0C3627097B78}] => (Allow) LPort=1900
FirewallRules: [{FF04C998-E35D-4EBB-B45B-54D6FFD17C78}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0C9E0917-C499-4F49-AAEF-11F331F90816}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{90B051DE-43BD-4C79-B595-01E6F23320AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DD0725F5-6769-4403-8A0E-9037FDEB79BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D3F1BBCE-5B94-4627-BB76-095D2B025CD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{8DE01452-15FB-495F-92FB-58711ADA6AD3}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dppm_source.exe
FirewallRules: [{16A4E380-5CC7-45E4-AAA6-9DA0D4C8D93F}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dppm_source.exe
FirewallRules: [{DB154668-25AB-4F30-A25A-85DE5373A165}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dgcsrv.exe
FirewallRules: [{E175A785-1EAB-423B-9878-83DD795BB3E9}] => (Allow) C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dgcsrv.exe
FirewallRules: [TCP Query User{83DD0FCE-F52D-4830-81DE-A0001DEA3026}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [UDP Query User{C59B7940-5966-41CB-BD96-62BB17C366E7}C:\program files (x86)\heroes of newerth\hon.exe] => (Allow) C:\program files (x86)\heroes of newerth\hon.exe
FirewallRules: [{74868F37-6055-4AAB-AF66-427E48554B19}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{19245853-92EE-448A-B4F5-24675A76ADFA}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A663E0DD-F5D1-46AA-BA21-2A81F3FE7CB9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{8514A522-4D89-4A0A-A153-E57722AE6FE9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B4624D40-936E-447A-BB9D-AC63E59A0C04}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C222314B-DBB8-4943-B8BA-7BF3BE65B33F}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{56B04139-8918-471F-8C61-B7226822C47C}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{512B20CF-D533-48E7-ADC3-4BE002797E62}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD9D32C4-CF07-4B55-811A-E60760DA70C9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{ED33161D-9FC2-487B-B45D-947793AA95EE}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [UDP Query User{4C1FDBE0-52BB-443F-AE36-3DDC0844F39D}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [TCP Query User{C0839A93-D390-4402-8AA3-3330D0B463F5}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{DBC203B1-C9AD-48F9-931C-DECA312ADEE6}C:\program files (x86)\motorola media link\lite\mml.exe] => (Allow) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [{015C6C67-9701-47FD-B242-4ADD380C2B68}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2ABA2178-DEEA-42C3-B195-62AC311A5C62}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{30660E67-B9D9-45AF-B231-F6757CD6D4C3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{EDD1FD29-04CB-4790-998C-2E99E5291D8C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{683058F6-A7D9-45EC-A1F3-9D86664C73C5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{390D4E95-F40C-4C6D-A480-292CE58DCC96}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{45D9D8F3-1E53-4E58-BA63-C4EFCC63C2D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Closure\Closure.exe
FirewallRules: [{DB767426-D883-4883-81A5-53A8F1803872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Closure\Closure.exe
FirewallRules: [{EDFDE5D6-54B0-4A56-AEA4-B04BA6FF331E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{C8281384-2F9B-47B8-9F40-4FA9A8C05F82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{19B2F872-1364-4905-AEF6-CD644FD64254}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{97232E7B-22BF-462A-81EE-A1150D3BBE5D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{0D8CEB5B-FB3D-432A-9404-375DA5BB32EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{CA93F5D2-20B1-4B0A-B703-453585803236}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{F8205913-1DD8-41CF-AB57-69C7D582A4C3}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{7BF45503-338E-494A-BBA3-D172FF92B02E}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{85C3553C-C891-4175-8704-2FB3030375F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{50F476F9-C7E8-4C22-8EA4-547D9B184FC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{337A6493-FB9E-478D-9021-32DE1E468DAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0265E9AA-D0DB-4B9B-8A14-3892B17BDC40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{778C278E-F4C9-4B52-BF27-390E575F12F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9B9B46D9-3988-4D7C-892C-88888A7C6F94}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{124F37B1-1FA8-433A-A031-1F6784D6AE96}] => (Allow) C:\Spel\Spore\SporeBin\SporeApp.exe
FirewallRules: [{6B1D0515-189C-444A-99C2-2428B7F352D7}] => (Allow) C:\Spel\Spore\SporeBin\SporeApp.exe
FirewallRules: [{FCDCD580-1376-4D89-8E7F-23F612BEE5FF}] => (Allow) C:\Spel\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{8E3025D0-3C64-4A48-8537-8F7448513ED3}] => (Allow) C:\Spel\Spore\SporebinEP1\SporeApp.exe
FirewallRules: [{D5F710E0-89AD-4D76-909A-1530B99F3BD2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F08E5C80-405F-4070-BECF-81FEF397DAC3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{76378383-A58C-4EB6-99CF-EC64AF86F398}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D6B636D2-4A28-4283-BE5B-B8A35000BDDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7BA39236-0D9E-4F55-B345-6CC55E4C0F78}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [UDP Query User{CFA3A457-EBDC-44E7-B9E8-5FB961832792}C:\program files (x86)\motorola media link\lite\mml.exe] => (Block) C:\program files (x86)\motorola media link\lite\mml.exe
FirewallRules: [TCP Query User{2F016D74-E150-4C38-885D-0D549EFE98CB}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{BE3E3B17-FCDB-43A4-9600-D2AED85949E0}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Allow) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{D1A50C41-1E3E-477C-97D1-CC32FAEBBA74}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{CBE5346F-4230-4861-A2E0-96D30598EEA7}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{C7E483FD-8C15-43EA-A112-0C1CAC3B2CE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{3C709B45-8691-4176-8CAF-47FD7DD2C096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe
FirewallRules: [{8E0263ED-1DB2-44C2-BC73-3AE64398404E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{542CBD61-09E6-4AEE-A00E-FF035E6F6D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{321DD50D-3D17-4B73-B214-59C5F3526237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE8E4328-BCEE-4848-AF3C-BD1864148BB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A3CA317-A642-4EAB-86ED-5BD3D1809998}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{892D4E78-0129-4EFF-A2BD-E3CD209655BF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{87B6D41B-857D-472D-A529-BF1E1C6319FD}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Block) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [UDP Query User{7D5986CD-D26B-4B66-B80F-C9BC567977A5}C:\spel\heroes of might and magic 3 complete\heroes3.exe] => (Block) C:\spel\heroes of might and magic 3 complete\heroes3.exe
FirewallRules: [TCP Query User{F76C83FB-287C-4033-9439-9B3E054FA660}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{FC4CFD02-57FC-4477-893B-44A0759239E7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{9B57BE69-C741-4AE0-BE33-EE4ACD719B5C}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [UDP Query User{A3FF3537-FD06-49F4-A254-E0D9FE021335}C:\spel\cs\hl.exe] => (Allow) C:\spel\cs\hl.exe
FirewallRules: [{724B515A-009C-43E9-AC4E-26F1D420A179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{A31C2248-6DFE-44EA-A808-B707EA1BBBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{65D3ABD4-4133-4CCE-AC7A-38435606310F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3D7692C6-2BBB-4CCF-B78E-D3EC5609D93C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{76F8D05C-A6BD-4502-A816-DB393A80CAEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{7CCDA5C3-D3C2-47C3-A51A-2E9ED38B5F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{3CC0DE81-2A1B-4E37-95F1-B6D02FB4F7C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{DD04A714-C00B-4A05-80D4-C37CB343F3ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

==================== Restore Points =========================

08-03-2017 00:33:31 Schemalagd kontrollpunkt
16-03-2017 04:00:22 Windows Update
25-03-2017 03:29:39 Checkpoint by HitmanPro
25-03-2017 03:35:27 Checkpoint by HitmanPro
27-03-2017 10:34:30 Windows Update
30-03-2017 23:22:31 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 11:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/30/2017 11:22:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när gränssnittet IVssWriterCallback skulle erhållas.  hr = 0x80070005, Åtkomst nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för antingen skrivaren eller beställaren.


Åtgärd:
   Samlar in skrivardata

Kontext:
   Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Skrivarnamn: System Writer
   Skrivarinstans-ID: {ef2be32b-cc2f-46dd-a211-db9f8263c0bc}

Error: (03/30/2017 11:46:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 07:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: firefox.exe, version 52.0.2.6291, tidsstämpel 0x58d41a2d
, felet uppstod i modulen med namn: mozglue.dll, version 52.0.2.6291, tidsstämpel 0x58d41a1f
Undantagskod: 0x80000003
Felförskjutning: 0x0000f73b
Process-ID: 0x544
Programmets starttid: 0x01d2a8b0b52f82f5
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: 5426c860-14a4-11e7-b5ee-bcaec5b706e9

Error: (03/29/2017 07:22:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 52.0.2.6291, tidsstämpel 0x58d41e88
, felet uppstod i modulen med namn: mozglue.dll, version 52.0.2.6291, tidsstämpel 0x58d41a1f
Undantagskod: 0x80000003
Felförskjutning: 0x0000f73b
Process-ID: 0x1084
Programmets starttid: 0x01d2a8b0e8720ecb
Sökväg till program: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Sökväg till modul: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Rapport-ID: 4b717fab-14a4-11e7-b5ee-bcaec5b706e9

Error: (03/29/2017 05:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 02:34:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 02:27:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:54:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/30/2017 11:24:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tjänsthanteraren försökte utföra en korrigeringsåtgärd (Starta om tjänsten) efter att tjänsten Windows Search avslutats oväntat, men denna åtgärd misslyckades med följande fel:
Det finns redan en aktiv session av tjänsten.

Error: (03/30/2017 11:23:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Application Virtualization Client avslutades oväntat. Detta har skett 1 gånger.

Error: (03/30/2017 11:23:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Print Spooler avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 60000 millisekunder: Starta om tjänsten.

Error: (03/30/2017 11:23:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Live ID Sign-in Assistant avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 10000 millisekunder: Starta om tjänsten.

Error: (03/30/2017 11:23:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Application Virtualization Service Agent avslutades oväntat. Detta har skett 1 gånger.

Error: (03/30/2017 11:23:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Media Player Network Sharing Service avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (03/30/2017 11:23:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Client Virtualization Handler avslutades oväntat. Detta har skett 1 gånger.

Error: (03/30/2017 11:23:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Search avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (03/29/2017 01:55:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Spybot-S&D 2 Scanner Service kunde inte startas på grund av följande fel:
Tjänsten svarade inte på start- eller kontrollbegäran i tid.

Error: (03/29/2017 01:55:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Spybot-S&D 2 Scanner Service skulle ansluta.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 4062.05 MB
Available physical RAM: 2009.48 MB
Total Virtual: 8122.29 MB
Available Virtual: 5796.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:125.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (D3C1.0.0) (CDROM) (Total:7.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1A3016C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 Oh My!

Posted 30 March 2017 - 04:47 PM

Excellent.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and, if there are any you want to keep, stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Mattias84

Posted 31 March 2017 - 07:53 AM

ESET & Security Check Log. The computer is running as normal.

 

C:\Users\All Users\Comodo\Cis\Quarantine\data\{2439B349-04A0-44A6-AC7C-01702FE7872B}    Win32/TopMedia.A potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{312F4225-F890-4A34-86CD-8348DDDF8D26}    a variant of Java/TrojanDownloader.Agent.NDJ trojan    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{3DA0BD6F-F1C0-4064-80AB-8EBF745816B9}    multiple threats    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{7D7FDE8B-9273-4715-9689-80FD75E73721}    multiple threats    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{9D61DF89-97B3-4CCA-85ED-276B64C3524E}    a variant of Win32/CNETInstaller.B potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{9DE2250D-1279-471A-96F0-D6882A73FB9D}    multiple threats    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{DCC5EF4E-EBB5-4794-9D53-5246D2A4CF34}    Eicar test file    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{E0BF39B5-571F-4050-94B2-94D986A04ECB}    a variant of Win32/CNETInstaller.B potentially unwanted application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{FAF8B893-5FF4-4A4D-9A45-69F973FACD2E}    a variant of Win32/Keygen.PD potentially unsafe application    
C:\Users\All Users\Comodo\Cis\Quarantine\data\{FE81FDDD-00CD-4122-B134-98FC31606591}    a variant of Win32/Keygen.PD potentially unsafe application    
C:\AdwCleaner\quarantine\files\aeyipfxjoztnapzzbspanesvralpwlsa\uninst.exe    a variant of Win32/Adware.Toolbar.Shopper.AE application    cleaned by deleting
C:\Program Files (x86)\Cheat Engine 6.2\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{2439B349-04A0-44A6-AC7C-01702FE7872B}    Win32/TopMedia.A potentially unwanted application    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{312F4225-F890-4A34-86CD-8348DDDF8D26}    a variant of Java/TrojanDownloader.Agent.NDJ trojan    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{3DA0BD6F-F1C0-4064-80AB-8EBF745816B9}    multiple threats    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{7D7FDE8B-9273-4715-9689-80FD75E73721}    multiple threats    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{9D61DF89-97B3-4CCA-85ED-276B64C3524E}    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{9DE2250D-1279-471A-96F0-D6882A73FB9D}    multiple threats    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{DCC5EF4E-EBB5-4794-9D53-5246D2A4CF34}    Eicar test file    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{E0BF39B5-571F-4050-94B2-94D986A04ECB}    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{FAF8B893-5FF4-4A4D-9A45-69F973FACD2E}    a variant of Win32/Keygen.PD potentially unsafe application    cleaned by deleting
C:\ProgramData\Comodo\Cis\Quarantine\data\{FE81FDDD-00CD-4122-B134-98FC31606591}    a variant of Win32/Keygen.PD potentially unsafe application    deleted
C:\Spel\CS\steamclient.dll    a variant of Win32/GameHack.ANF potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Desktop\Skit\Genvägar\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Desktop\Skit\Genvägar\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Desktop\Skit\Genvägar\dfsetup214.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Desktop\Skit\Genvägar\spsetup122.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Downloads\ccsetup400.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Downloads\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus   
Malwarebytes       
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Java 8 Update 91  
 Java version 32-bit out of Date!
 Adobe Flash Player 25.0.0.127  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (52.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Comodo Firewall cmdagent.exe
 MALWAREBYTES Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0
````````````````````End of Log``````````````````````
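
The "Review the list of entries" step from the ESET instructions, applied to the ESET.txt above, as an added example that is not part of the thread or of any tool used in it. It merges the `C:\Users\All Users` and `C:\ProgramData` names of one file and separates files already inside another tool's quarantine folder from live detections; the function names, the kind labels and the assumption that the system drive is C: are this example's own.

```python
import re

# Sample input: seven lines taken from the ESET.txt in the post above.
# Fields are path, detection, action, separated by runs of spaces or tabs;
# the action is empty when ESET only reported the file.
SAMPLE = r"""
C:\Users\All Users\Comodo\Cis\Quarantine\data\{DCC5EF4E-EBB5-4794-9D53-5246D2A4CF34}    Eicar test file
C:\ProgramData\Comodo\Cis\Quarantine\data\{DCC5EF4E-EBB5-4794-9D53-5246D2A4CF34}    Eicar test file    cleaned by deleting
C:\Users\All Users\Comodo\Cis\Quarantine\data\{312F4225-F890-4A34-86CD-8348DDDF8D26}    a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\ProgramData\Comodo\Cis\Quarantine\data\{312F4225-F890-4A34-86CD-8348DDDF8D26}    a variant of Java/TrojanDownloader.Agent.NDJ trojan    cleaned by deleting
C:\AdwCleaner\quarantine\files\aeyipfxjoztnapzzbspanesvralpwlsa\uninst.exe    a variant of Win32/Adware.Toolbar.Shopper.AE application    cleaned by deleting
C:\Spel\CS\steamclient.dll    a variant of Win32/GameHack.ANF potentially unsafe application    cleaned by deleting
C:\Users\Marcus\Downloads\CheatEngine62.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting
"""

# Assumption: the system drive is C:. On Windows 7, C:\Users\All Users is a
# link to C:\ProgramData, so one file is reported under both names.
ALIAS = "c:\\users\\all users\\"
KINDS = [("eicar", "test file"), ("trojan", "trojan"),
         ("potentially unwanted", "PUA"), ("potentially unsafe", "unsafe app"),
         ("multiple threats", "multiple")]


def parse(text):
    """Return {normalized path: record}, merging the two names of one file."""
    records = {}
    for line in text.splitlines():
        fields = re.split(r"\t+| {2,}", line.strip())
        if len(fields) < 2 or not re.match(r"[A-Za-z]:\\", fields[0]):
            continue  # not a detection line
        key = fields[0].lower()
        if key.startswith(ALIAS):
            key = "c:\\programdata\\" + key[len(ALIAS):]
        detection = fields[1]
        kind = next((k for needle, k in KINDS if needle in detection.lower()), "other")
        rec = records.setdefault(key, {
            "path": fields[0], "detection": detection, "kind": kind,
            # Files inside another tool's quarantine folder were already contained.
            "quarantined": "\\quarantine\\" in key, "action": ""})
        if len(fields) > 2:
            rec["action"] = fields[2]  # keep the action from whichever name had one
    return records


def live(records):
    """Detections that were sitting on disk outside any quarantine folder."""
    return [r for r in records.values() if not r["quarantined"]]


def unresolved(records):
    """Detections with no recorded action under either path name."""
    return [r for r in records.values() if not r["action"]]


if __name__ == "__main__":
    recs = parse(SAMPLE)
    for r in recs.values():
        where = "quarantine" if r["quarantined"] else "live"
        print(f'{r["kind"]:<10} {where:<10} {r["action"] or "NO ACTION":<20} {r["path"]}')
    print(f"{len(recs)} unique files, {len(live(recs))} live, {len(unresolved(recs))} unresolved")
```
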


 



#12 Oh My!

Posted 31 March 2017 - 09:47 AM

Looks good. We need to update one program.

Please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck any optional offers you do not want
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Update go well?
  • Any remaining issues?

Gary
 

#13 Mattias84

Posted 31 March 2017 - 10:25 AM

I have updated Adobe Reader but I can't see any other Adobe Reader in the appwiz.cpl other than the one I just installed.

 

I don't see any issues that have occurred so far.



#14 Oh My!

Posted 31 March 2017 - 12:17 PM

Great, looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 Mattias84

Posted 31 March 2017 - 12:40 PM

I feel relieved to hear that I am now clean. I have run the Delfix with the options you provided.

 

Thank you kindly for all the help Gary! You are amazing.





