Strange Infection that wasn't solved in other Bleeping C Forum


  • This topic is locked
16 replies to this topic

#1 rmihaly

Posted 14 December 2017 - 10:44 PM

This Strange Infection wasn't solved in the following Bleeping Computer Forum:

https://www.bleepingcomputer.com/forums/t/665396/mega-virus-removal-cant-even-download-malwarebytes/

Bleeping poster Unworn_Kilt suggested I post here. Just ran Farbar:

 

Here are FRST.txt & Addition.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-12-2017
Ran by Sculptor (administrator) on BLACKBEAST (14-12-2017 22:29:33)
Running from C:\Users\Sculptor\Downloads\REMOVING VIRUSES
Loaded Profiles: Sculptor & UpdatusUser (Available Profiles: Sculptor & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Xerox Corporation.) C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Xerox Corporation.) C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-30] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-08-02] (Safer-Networking Ltd.)
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\MountPoints2: {33247396-7e17-11e4-bf38-3085a9967f87} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\MountPoints2: {7a975d49-4d43-11e5-bf5e-3085a9967f87} - "F:\pptview.exe" /L "playlist.txt"
HKU\S-1-5-21-4249298081-3529762593-763126968-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2013-05-17]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2017-10-02]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{23570CBD-F8F5-4E88-862D-D36DA18555E1}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4AE36BC5-5300-4046-80C8-E3479FDA498B}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4AE36BC5-5300-4046-80C8-E3479FDA498B}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{C8F319BE-8186-4D5E-9624-8E705130F06F}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: yp917fix.default-1399755343859
FF ProfilePath: C:\Users\Sculptor\AppData\Roaming\Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 [2017-12-14]
FF Homepage: Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 -> is enabled.
FF Extension: (Looking Glass) - C:\Users\Sculptor\AppData\Roaming\Mozilla\Firefox\Profiles\yp917fix.default-1399755343859\Extensions\pug.experience@shield.mozilla.org.xpi [2017-12-13] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Sculptor\AppData\Roaming\Mozilla\Firefox\Profiles\yp917fix.default-1399755343859\Extensions\uBlock0@raymondhill.net.xpi [2017-11-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-4249298081-3529762593-763126968-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sculptor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Sculptor\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-14] (Cisco WebEx LLC)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10880832 2017-11-21] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-11-21] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-01] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-13] (SurfRight B.V.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-06-01] (NVIDIA Corporation)
R2 Piano Marvel Plugin; C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe [1563888 2016-02-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2016-01-24] (Xerox Corporation.) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCUSBMIDI; C:\WINDOWS\System32\Drivers\ccusbmid.sys [26624 2016-02-21] (CASIO COMPUTER CO., LTD.)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [35368 2017-11-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [824376 2017-11-16] (COMODO)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2017-12-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-14] (Malwarebytes)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-06-01] (NVIDIA Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [16776 2010-08-25] () [File not signed]
S3 prwntdrv; C:\WINDOWS\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 22:29 - 2017-12-14 22:29 - 000000000 ___DC C:\FRST
2017-12-14 02:15 - 2017-12-14 02:15 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\3246F3FE.sys
2017-12-14 02:01 - 2017-12-14 02:01 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\3747839E.sys
2017-12-13 22:36 - 2017-12-04 11:23 - 000835576 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-13 22:36 - 2017-12-04 11:23 - 000177656 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 22:03 - 2017-12-13 22:03 - 000000876 ____C C:\WINDOWS\system32\.crusader
2017-12-13 22:00 - 2017-12-13 22:00 - 000001905 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-13 22:00 - 2017-12-13 22:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-13 22:00 - 2017-12-13 22:00 - 000000000 ___DC C:\Program Files\HitmanPro
2017-12-13 21:58 - 2017-12-13 22:03 - 000000000 ___DC C:\ProgramData\HitmanPro
2017-12-13 09:00 - 2017-12-13 09:00 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\52570660.sys
2017-12-13 08:57 - 2017-12-14 22:22 - 000000000 ____D C:\Users\Sculptor\Desktop\mbar
2017-12-13 08:57 - 2017-12-14 02:28 - 000000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-13 08:45 - 2017-12-14 02:12 - 000046008 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-12-13 08:45 - 2017-12-13 08:45 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-13 08:32 - 2017-12-13 08:32 - 000000000 ___DC C:\ProgramData\MB3CoreBackup
2017-12-13 08:17 - 2017-12-14 22:25 - 000094144 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-12-13 08:17 - 2017-12-14 02:12 - 000110016 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-12-13 08:17 - 2017-12-13 09:00 - 000000000 ___DC C:\ProgramData\Malwarebytes
2017-12-13 08:17 - 2017-12-13 08:45 - 000253880 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-13 08:17 - 2017-12-13 08:45 - 000193968 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-12-13 08:17 - 2017-12-13 08:45 - 000001883 ____C C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-13 08:17 - 2017-12-13 08:17 - 000000000 ___DC C:\Program Files\Malwarebytes
2017-12-13 08:17 - 2017-11-29 09:11 - 000077432 ____C C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-13 08:03 - 2017-12-13 21:28 - 000000000 ___DC C:\AdwCleaner
2017-12-13 07:53 - 2017-12-13 21:18 - 000003898 _____ C:\Users\Sculptor\Desktop\Rkill.txt
2017-12-12 23:43 - 2017-11-17 10:37 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-12-12 23:43 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 23:43 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 23:43 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 23:43 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 23:43 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 23:43 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 23:43 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 23:43 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 23:43 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 23:43 - 2017-11-08 10:55 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-12 23:43 - 2017-11-07 16:15 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 23:43 - 2017-11-07 15:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 23:43 - 2017-11-07 15:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 23:43 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 23:43 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 23:43 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-12-12 23:43 - 2017-11-07 15:08 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-12-12 23:43 - 2017-11-07 15:02 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-12-12 23:43 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 23:43 - 2017-10-18 12:14 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-12 23:43 - 2017-10-14 02:23 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-12-12 23:43 - 2017-10-14 02:17 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-12 23:43 - 2017-10-14 01:19 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-12-12 23:43 - 2017-10-10 11:39 - 001192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-12-12 23:43 - 2017-10-10 11:29 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2017-12-12 23:43 - 2017-10-10 10:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2017-12-12 23:43 - 2017-10-10 09:58 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2017-12-12 23:42 - 2017-11-13 21:55 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-12-12 23:42 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-12-12 23:42 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 23:42 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-12-12 23:42 - 2017-11-07 15:29 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-12-12 23:42 - 2017-11-07 15:27 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 23:42 - 2017-11-07 15:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-12-12 23:42 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 23:42 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-12-12 23:42 - 2017-10-14 02:55 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-12-12 23:42 - 2017-10-14 02:29 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-12 23:42 - 2017-10-14 01:41 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-12-12 22:33 - 2017-12-12 22:33 - 000000000 ___DC C:\Users\Sculptor\AppData\Local\ESET
2017-12-12 16:08 - 2017-12-14 22:29 - 000000000 ____D C:\Users\Sculptor\Downloads\REMOVING VIRUSES
2017-12-10 16:43 - 2017-12-10 16:43 - 000003574 _____ C:\WINDOWS\System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-10 16:43 - 2017-12-10 16:43 - 000002077 ____C C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-12-10 16:43 - 2017-12-10 16:43 - 000000000 ___DC C:\Program Files (x86)\VulkanRT
2017-12-10 16:43 - 2017-10-27 11:36 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-10 16:43 - 2017-10-27 11:12 - 000607168 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-10 16:43 - 2017-10-27 11:12 - 000081856 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-10 16:43 - 2017-10-27 11:06 - 000136312 ____C (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-10 16:43 - 2017-09-13 18:20 - 000798008 ____C C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-10 16:43 - 2017-09-13 18:20 - 000490296 ____C C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-10 16:43 - 2017-09-13 18:19 - 000927544 ____C C:\WINDOWS\system32\vulkan-1.dll
2017-12-10 16:43 - 2017-09-13 18:19 - 000591160 ____C C:\WINDOWS\system32\vulkaninfo.exe
2017-12-08 09:36 - 2017-12-08 09:36 - 000826544 _____ C:\Users\Sculptor\Desktop\FGNewspaper-December.pdf
2017-12-06 22:15 - 2017-12-06 22:15 - 000000000 ____D C:\Users\Sculptor\Documents\3D-CoatV3
2017-11-22 13:00 - 2017-12-11 16:16 - 000000000 ____D C:\Users\Sculptor\Documents\Scan
2017-11-16 15:04 - 2017-11-16 15:04 - 000006449 ____C C:\Users\Sculptor\AppData\Local\recently-used.xbel
2017-11-15 02:35 - 2017-10-17 14:11 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 02:35 - 2017-10-16 13:38 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 02:35 - 2017-10-14 08:04 - 001548624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 02:35 - 2017-10-14 03:13 - 002903552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-11-15 02:35 - 2017-10-14 02:31 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-11-15 02:35 - 2017-10-14 02:30 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 02:35 - 2017-10-14 02:30 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 02:35 - 2017-10-14 02:27 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 02:35 - 2017-10-14 02:05 - 015431680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 02:35 - 2017-10-14 01:50 - 002293760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-11-15 02:35 - 2017-10-14 01:25 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-11-15 02:35 - 2017-10-14 01:24 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 02:35 - 2017-10-14 01:23 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 02:35 - 2017-10-14 01:14 - 013317632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 02:35 - 2017-10-10 11:36 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 02:35 - 2017-10-10 10:38 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 02:35 - 2017-10-10 10:38 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-11-15 02:35 - 2017-10-10 10:11 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 02:35 - 2017-10-10 10:08 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-11-15 02:35 - 2017-10-05 02:17 - 000380248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 02:35 - 2017-09-14 18:52 - 000986968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-11-15 02:35 - 2017-09-08 12:14 - 003084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-11-15 02:35 - 2017-09-08 11:50 - 002471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-11-15 02:35 - 2017-09-07 22:31 - 000685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-11-15 02:35 - 2017-09-07 22:28 - 000507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-11-15 02:35 - 2017-09-07 16:31 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-11-15 02:35 - 2017-09-07 14:20 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-11-15 02:35 - 2017-09-07 12:20 - 000513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-11-15 02:35 - 2017-09-07 12:20 - 000513456 _____ C:\WINDOWS\system32\locale.nls
2017-11-15 02:35 - 2017-09-07 08:40 - 000995272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-11-15 02:35 - 2017-09-07 08:40 - 000922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-11-15 02:35 - 2017-09-06 18:07 - 000158552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-11-15 02:35 - 2017-09-06 16:17 - 000461144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-11-15 02:35 - 2017-09-06 16:17 - 000443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-11-15 02:35 - 2017-09-06 09:14 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-11-15 02:35 - 2017-08-10 20:39 - 002779136 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-11-15 02:35 - 2017-08-10 20:30 - 002464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-11-15 02:25 - 2017-10-11 02:35 - 000143016 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 02:25 - 2017-10-10 10:21 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 002023936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 02:25 - 2017-10-10 08:18 - 001570304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 02:25 - 2017-10-10 08:18 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-14 22:27 - 2016-11-16 23:58 - 000000000 ___DC C:\Users\Sculptor\AppData\LocalLow\Mozilla
2017-12-14 22:22 - 2014-05-31 08:53 - 000000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-14 22:21 - 2013-05-08 11:57 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-12-14 02:30 - 2014-10-10 22:47 - 000000000 ___DC C:\ProgramData\NVIDIA
2017-12-14 02:24 - 2013-05-08 12:37 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4249298081-3529762593-763126968-1000
2017-12-14 02:16 - 2014-09-24 02:17 - 001168706 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-14 02:16 - 2013-08-22 08:36 - 000000000 ___DC C:\WINDOWS\Inf
2017-12-14 02:15 - 2014-05-31 08:53 - 000000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-14 02:12 - 2013-08-22 09:45 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-12-14 02:00 - 2014-08-15 01:00 - 000000000 ___DC C:\Users\Sculptor\AppData\Local\Adobe
2017-12-14 01:56 - 2014-10-10 22:49 - 000000000 ____D C:\Users\UpdatusUser
2017-12-13 22:35 - 2013-08-22 09:44 - 005120184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 22:34 - 2012-07-26 02:59 - 000000000 ___DC C:\WINDOWS\CbsTemp
2017-12-13 21:14 - 2013-07-12 01:29 - 000000000 ___DC C:\WINDOWS\system32\MRT
2017-12-13 21:12 - 2017-10-13 03:56 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 21:12 - 2013-05-07 02:00 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 08:50 - 2014-05-10 19:30 - 000000000 ___DC C:\Program Files (x86)\AV Video Morpher
2017-12-13 08:36 - 2015-04-15 14:24 - 000001970 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-12-13 08:36 - 2014-07-31 11:25 - 000001750 _____ C:\WINDOWS\System32\Tasks\{790A3124-5D1E-4937-99D2-E895956B5A97}
2017-12-13 08:36 - 2014-05-31 08:53 - 000003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-13 08:36 - 2014-05-31 08:53 - 000002826 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-13 08:36 - 2014-05-12 13:09 - 000002038 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-BlackBeast-Sculptor
2017-12-13 08:36 - 2014-05-10 15:22 - 000001736 _____ C:\WINDOWS\System32\Tasks\{4B076E66-8E98-4AA7-B0F1-5347165D1533}
2017-12-13 08:36 - 2013-09-09 21:41 - 000001772 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249298081-3529762593-763126968-1000
2017-12-13 08:36 - 2013-09-09 21:41 - 000001666 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249298081-3529762593-763126968-1000
2017-12-13 08:36 - 2013-08-20 12:03 - 000001712 _____ C:\WINDOWS\System32\Tasks\{EADA3994-BADA-49C2-A0A2-4F9158776E27}
2017-12-13 08:36 - 2013-07-30 10:32 - 000001924 _____ C:\WINDOWS\System32\Tasks\{388042B7-9D7F-48A4-A7C6-FC7E1F1D7180}
2017-12-13 08:36 - 2013-05-06 10:01 - 000001722 _____ C:\WINDOWS\System32\Tasks\{385A2B4C-9D2D-4DD2-A560-CF22B715B198}
2017-12-13 08:08 - 2015-04-15 14:24 - 000038198 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-12-12 16:14 - 2013-09-17 11:29 - 000000000 __HDC C:\ProgramData\CanonIJScan
2017-12-12 16:14 - 2013-09-17 11:29 - 000000000 ___DC C:\Users\Sculptor\AppData\Roaming\Canon
2017-12-12 16:13 - 2015-02-08 12:17 - 000000000 ___DC C:\ProgramData\Garmin
2017-12-12 16:13 - 2015-02-08 12:17 - 000000000 ___DC C:\Program Files (x86)\Garmin
2017-12-12 16:13 - 2014-05-12 11:29 - 000000000 ___DC C:\ProgramData\Package Cache
2017-12-12 16:00 - 2014-05-10 17:34 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 09:39 - 2014-05-26 13:57 - 000004152 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 09:39 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-12-12 09:39 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\system32\Macromed
2017-12-11 17:19 - 2015-03-05 22:36 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-12-11 17:19 - 2014-05-10 17:34 - 000001159 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\ProgramData\NVIDIA Corporation
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\Program Files\NVIDIA Corporation
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2017-12-10 16:43 - 2014-05-11 01:28 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-10 12:05 - 2015-08-20 17:52 - 000000000 ____D C:\Users\Sculptor\AppData\Roaming\.minecraft
2017-12-10 12:05 - 2015-08-20 17:51 - 000000000 ___DC C:\Program Files (x86)\Minecraft
2017-12-07 03:44 - 2014-10-28 12:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-12-07 03:43 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-06 04:52 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-04 19:25 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\system32\FxsTmp
2017-11-22 12:49 - 2013-05-09 01:15 - 000000000 ___DC C:\Users\Sculptor\AppData\Roaming\Mozilla
2017-11-21 15:25 - 2014-03-25 19:22 - 000912792 ____C (COMODO) C:\WINDOWS\system32\guard64.dll
2017-11-21 15:25 - 2014-03-25 19:22 - 000702376 ____C (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-11-21 15:25 - 2014-03-25 19:22 - 000051808 ____C (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-11-21 15:23 - 2014-03-25 19:22 - 000467136 ____C (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-11-21 15:21 - 2014-03-25 19:22 - 000371392 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-11-20 08:29 - 2015-04-17 09:22 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-18 12:52 - 2016-09-03 13:45 - 000000000 ___DC C:\Users\Sculptor\.gimp-2.8
2017-11-16 22:21 - 2016-09-03 17:39 - 000000000 ___DC C:\Users\Sculptor\AppData\Local\gtk-2.0
2017-11-16 08:41 - 2014-04-16 21:13 - 000824376 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2017-11-16 08:41 - 2014-04-16 21:13 - 000124176 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2017-11-16 08:41 - 2014-04-16 21:13 - 000042080 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2017-11-16 08:41 - 2014-04-16 21:13 - 000035368 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys

==================== Files in the root of some directories =======

2014-06-02 06:57 - 2014-06-02 06:57 - 000000025 ___HC () C:\Users\Sculptor\AppData\Roaming\uninst.log
2014-05-10 21:16 - 2014-05-12 03:25 - 000351173 _____ () C:\Users\Sculptor\AppData\Roaming\VideoPad.dmp
2017-11-16 15:04 - 2017-11-16 15:04 - 000006449 ____C () C:\Users\Sculptor\AppData\Local\recently-used.xbel
2014-06-02 06:57 - 2014-06-02 06:57 - 000000025 ___HC () C:\Users\Sculptor\AppData\Local\uninst.log

Some files in TEMP:
====================
2017-10-29 19:53 - 2013-07-25 09:15 - 000026688 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe
2017-10-29 19:53 - 2013-07-25 16:38 - 007682112 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe
2017-10-29 19:53 - 2013-06-09 20:59 - 000216064 _____ () C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll
2017-10-29 19:53 - 2013-06-09 22:38 - 000073408 _____ () C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-21 02:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017
Ran by Sculptor (14-12-2017 22:30:05)
Running from C:\Users\Sculptor\Downloads\REMOVING VIRUSES
Windows 8.1 Pro (Update) (X64) (2014-10-11 04:00:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4249298081-3529762593-763126968-500 - Administrator - Disabled)
Guest (S-1-5-21-4249298081-3529762593-763126968-501 - Limited - Disabled)
Sculptor (S-1-5-21-4249298081-3529762593-763126968-1000 - Administrator - Enabled) => C:\Users\Sculptor
UpdatusUser (S-1-5-21-4249298081-3529762593-763126968-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artec Installation Center (HKLM\...\{D935A2D8-C37D-4090-9683-DC7D6A60D8B9}) (Version: 1.0.2.13 - Artec Group)
Artec Studio (HKLM\...\{90928F73-D490-4A63-9E59-00C7FF458CC0}) (Version: 8.1.1.25 - Artec Group) Hidden
Artec Studio (HKLM-x32\...\InstallShield_{90928F73-D490-4A63-9E59-00C7FF458CC0}) (Version: 8.1.1.25 - Artec Group)
Aurora 3D Text & Logo Maker version 13.05.03 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 13.05.03 - Aurora3D Software)
AV Video Morpher (HKLM-x32\...\AV Video Morpher) (Version: 3.0.53 - AVSOFT Corporation)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 10.0.2.6420 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
FileZilla Client 3.7.2 (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
FotoMorph version 13.9 (HKLM-x32\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.9 - Digital Photo Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Media Player Codec Pack 4.2.9 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.9 - Media Player Codec Pack)
Microangelo Creation (HKLM-x32\...\Microangelo Creation) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Cartoonizer (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\f36a791524489639) (Version: 1.0.0.48 - Caricature Software)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
netfabb Studio Basic (HKLM-x32\...\netfabb) (Version:  - )
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Outdoors Unlimited (HKLM-x32\...\OutdoorsUnlimited) (Version: 1.0 - iEntertainment Network)
PartWorks 1.0 (HKLM-x32\...\PartWorks) (Version: 1.0 - ShopBot)
PartWorks3D 1.0 (HKLM-x32\...\PartWorks3D) (Version: 1.0 - ShopBot)
Piano Marvel Plugin (HKLM-x32\...\{B2263BE6-E750-49FD-8F48-BFF3F965A119}) (Version: 4.0 - Piano Marvel LLC)
Poser 4 (HKLM-x32\...\Poser 4) (Version:  - )
Poser 9 (HKLM-x32\...\Poser 9_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PoserContent2012 (HKLM\...\Poser Pro_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
Python 2.7.4 (64-bit) (HKLM\...\{84ADC96C-B7E0-4938-9D6E-2B640D5DA225}) (Version: 2.7.4150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rhinoceros 1.1 (HKLM-x32\...\Rhinoceros 1.1) (Version:  - )
Rhinoceros 4.0 SR5b (HKLM-x32\...\{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}) (Version: 4.0.40226 - Robert McNeel & Associates)
Rhinoceros 4.0 SR9 (HKLM-x32\...\{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}) (Version: 4.0.60309 - Robert McNeel & Associates)
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
ShopBot 3 Version 3.6.46 (HKLM-x32\...\ShopBot 3 Control System Software_is1) (Version:  - ShopBot Tools, Inc.)
ShopBot Controller (Driver Removal) (HKLM-x32\...\SBBUCOMM&10C4&83C4) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Packager (x64) (HKLM\...\{5D1DAAC8-F4A4-43E7-8E80-C9476A64EBA6}) (Version: 1.0.6 - Scalable Software)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.07.0001 - TRENDnet)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.36 - NCH Software)
View User's Guide (HKLM-x32\...\Xerox View User Guide ) (Version: 3.60.45.0 - )
VSDC Free Video Editor version 2.1.8.148 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.8.148 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - Artec Group (PGRUSBCam) PGRDevices  (01/28/2010 2.0.3.14) (HKLM\...\0986019B0829372B2ED21EA68790F4BC8DC4E59D) (Version: 01/28/2010 2.0.3.14 - Artec Group)
Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (HKLM\...\74347E8ACBB0CD4B3A12C89F2E2FAA6CEFBE40CA) (Version: 02/24/2012 1.00.00.0004 - CASIO)
Windows Driver Package - Lumenera (lmldr28a) Image  (04/01/2010 ) (HKLM\...\9491DEBCF07853F96ABDDA127B99AE29E0CCF525) (Version: 04/01/2010  - Lumenera)
Windows Driver Package - Lumenera (lmldr29a) Image  (04/01/2010 ) (HKLM\...\576BF94EEF314553AEA1997A8781784E527721DC) (Version: 04/01/2010  - Lumenera)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-04-06] (Foxit Corporation)
ContextMenuHandlers1-x32: [RhinoShExt] -> {C81DCBCA-8AE2-41FC-9C39-78B160393210} => C:\Program Files (x86)\Rhinoceros 4.0\System\RhinoShExt.dll [2011-03-09] (Robert McNeel & Associates)
ContextMenuHandlers1-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0F847886-96DE-4923-B2E1-257924A418E4} - System32\Tasks\{385A2B4C-9D2D-4DD2-A560-CF22B715B198} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Sculptor\Downloads\rh40eval_en_20110309.exe -d C:\Users\Sculptor\Desktop
Task: {11021A89-AB0B-46D4-AFE1-859CDFBBB7D8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1B1CDE3E-CA66-42D0-8947-99E9BF33951D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-11-21] (COMODO)
Task: {35E0F7E2-7E0E-4503-95B7-E515170D3856} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {3B4EEA39-C70B-459B-970A-C64E607C1189} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {41121277-EF98-438C-9A42-2A55C901DF3B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {49E5F367-B621-4ABA-84FB-6DA202C616DC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249298081-3529762593-763126968-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {50BBE44D-7D5C-4FF4-8D40-25385FE1D8A2} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2017-11-09] ()
Task: {57DD971A-81F2-4B23-82BB-4E36F6D8EE02} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2017-11-21] (COMODO)
Task: {69393865-A507-4D55-94A5-4BA56CBC9113} - System32\Tasks\{4B076E66-8E98-4AA7-B0F1-5347165D1533} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -c -maintain plugin
Task: {6DCFEDBC-FB66-488F-B9AA-806A5E6352B6} - System32\Tasks\Microsoft\Windows\SysResetServicingCleanup => C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe
Task: {6E206660-3921-4300-AB50-09692FC24215} - System32\Tasks\AdobeAAMUpdater-1.0-BlackBeast-Sculptor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7D5954EE-87E2-4CDA-806F-0F85AA3324D8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {8F4EB8E7-9CAB-497D-881C-59974C2FA567} - System32\Tasks\{EADA3994-BADA-49C2-A0A2-4F9158776E27} => C:\WINDOWS\system32\pcalua.exe -a "D:\程序刻录国外\DSP0501 English\0501(English).exe" -d "D:\程序刻录国外\DSP0501 English"
Task: {967650E7-C7A7-48EA-89FB-1F20EBBDA3B5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249298081-3529762593-763126968-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9E0F98A8-173D-414A-A27F-518C07571BBE} - System32\Tasks\{790A3124-5D1E-4937-99D2-E895956B5A97} => C:\WINDOWS\system32\pcalua.exe -a "E:\Downloads\CREATIVE webcam\WCIS_PCDrv_US_2_00_04_0825.EXE" -d "E:\Downloads\CREATIVE webcam"
Task: {AF7C9FE1-D51F-4CBF-880F-463BAFC226EA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BC7E6568-D0EB-4E96-8194-A84ADFE37522} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BCC68972-9119-4BC0-9272-6273E33A19AD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-11-21] (COMODO)
Task: {C48E63F8-15AC-4C93-9D0A-4B423D479C34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6301D90-A86D-4DC8-9471-0CF5AA0D022E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {E7B2C544-B78B-4C8C-8F19-62D79B9EDFAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E9101A59-59F9-40FE-BD90-89E3184BF3F1} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {F96959A5-A2BE-4D03-9966-C6249CC678E7} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {FA568466-79D4-4DCA-A8B4-D1AEA16FA1CD} - System32\Tasks\{388042B7-9D7F-48A4-A7C6-FC7E1F1D7180} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12007

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-24 09:13 - 2016-01-24 09:13 - 000034304 _____ () C:\WINDOWS\System32\sxa6mlm.dll
2017-04-06 15:15 - 2017-11-21 15:23 - 000156864 ____C () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2014-03-25 19:22 - 2017-11-21 15:22 - 000106688 ____C () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2014-03-25 19:22 - 2017-11-21 15:22 - 000241856 ____C () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-08-19 23:53 - 2016-02-21 16:21 - 001563888 _____ () C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe
2013-05-17 11:46 - 2008-06-26 18:09 - 000167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2017-12-13 08:17 - 2017-11-29 09:11 - 002301384 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-12-13 08:17 - 2017-11-29 09:11 - 002358728 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-04-15 17:39 - 2017-09-07 03:39 - 000073920 ____C () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2012-03-09 08:58 - 2012-03-09 08:58 - 000462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 000057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-01-26 04:44 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-26 04:44 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-26 04:44 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-26 04:44 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-26 04:44 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [1829346]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [121516]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [443648]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [2823170]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [5057570]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [1223568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [246368]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [201216]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [368128]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [984832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [297506]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [52226]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [72192]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID [1622018]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [13568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [279808]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [160770]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [115714]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdZnID [26]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpfve.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [308866]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID [54272]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID [29856]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64514]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID [102018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID [15104]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\parport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [56320]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [72704]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [478850]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID [13056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [310962]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID [77056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [158208]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023.sys:$CmdTcID [10496]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [13996]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [183986]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [937650]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [60418]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [74416]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [74754]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [162732]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volmgr.sys:$CmdTcID [149170]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [633522]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID [273026]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [157698]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WSDScan.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-01-26 05:30 - 000450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4249298081-3529762593-763126968-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sculptor\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-4249298081-3529762593-763126968-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-12-2017 22:03:21 Checkpoint by HitmanPro
14-12-2017 02:11:14 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2017 10:03:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e780289c-f51e-4c35-a147-c3fa73cb3aff}

Error: (12/12/2017 09:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: SHELL32.dll, version: 6.3.9600.18819, time stamp: 0x59b40e40
Exception code: 0xc0000005
Fault offset: 0x00000000000c5a0f
Faulting process id: 0x28d0
Faulting application start time: 0x01d373ba28b102ac
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 690051b8-dfad-11e7-bfed-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:

Error: (12/12/2017 09:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: SHELL32.dll, version: 6.3.9600.18819, time stamp: 0x59b40e40
Exception code: 0xc0000005
Fault offset: 0x00000000000c5a0f
Faulting process id: 0x1d1c
Faulting application start time: 0x01d3738d042c97a3
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\system32\SHELL32.dll
Report Id: 660a1b10-dfad-11e7-bfed-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:

Error: (12/12/2017 01:05:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f32841
Exception code: 0xe0434352
Fault offset: 0x00015608
Faulting process id: 0x2c4
Faulting application start time: 0x01d3730f33cdf2e3
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 72478b96-df02-11e7-bfea-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:

Error: (12/12/2017 01:05:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/11/2017 01:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f32841
Exception code: 0xe0434352
Fault offset: 0x00015608
Faulting process id: 0x2bbc
Faulting application start time: 0x01d3724b17f9a27f
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 566c141a-de3e-11e7-bfea-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:

Error: (12/11/2017 01:41:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/10/2017 03:10:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18666, time stamp: 0x58f32841
Exception code: 0xe0434352
Fault offset: 0x00015608
Faulting process id: 0x1888
Faulting application start time: 0x01d3718e553ba3aa
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 93963d53-dd81-11e7-bfea-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:

Error: (12/10/2017 03:10:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (12/09/2017 01:13:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18821, time stamp: 0x59ba86db
Exception code: 0xc0000008
Fault offset: 0x000000000009261a
Faulting process id: 0x191c
Faulting application start time: 0x01d36fc3596ada5d
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: af7ffeaa-dd0c-11e7-bfea-3085a9967f87
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (12/14/2017 02:30:08 AM) (Source: DCOM) (EventID: 10010) (User: BlackBeast)
Description: The server {1379060A-B548-4D9A-B9D3-38C9537D82C9} did not register with DCOM within the required timeout.

Error: (12/14/2017 02:14:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/14/2017 02:12:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/14/2017 02:11:32 AM) (Source: DCOM) (EventID: 10010) (User: BlackBeast)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/14/2017 02:11:26 AM) (Source: DCOM) (EventID: 10010) (User: BlackBeast)
Description: The server {1379060A-B548-4D9A-B9D3-38C9537D82C9} did not register with DCOM within the required timeout.

Error: (12/14/2017 01:56:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/14/2017 01:54:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/14/2017 01:54:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:35:11 PM on 12/13/2017 was unexpected.

Error: (12/13/2017 10:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/13/2017 10:35:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
  Date: 2017-12-14 02:12:32.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-14 01:54:34.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 22:35:26.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 22:05:55.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 21:15:40.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 08:52:25.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-13 08:09:48.454
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-12 16:06:12.588
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-12 16:01:35.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-12 16:00:37.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 5%
Total physical RAM: 61382.73 MB
Available physical RAM: 58094.3 MB
Total Virtual: 124870.73 MB
Available Virtual: 120905.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:21.44 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:215.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E684A3A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 





#2 rmihaly

rmihaly
  • Topic Starter

  • Members
  • 40 posts

Posted 14 December 2017 - 11:59 PM

Oh yes, a description of what's happening... In almost any program when you right-click to get a contextual drop-down menu, the menus don't work. For example, in Malwarebytes, the language is defaulted to "Cestina," which means Slovak. I can scroll down and click to change the language to English, but then within a second, the language list starts automatically scrolling back to Cestina, making me unable to select English. In other programs, like Firefox, the drop-down menus just flash really fast and I cannot even select one of the recommended search phrases suggested by Google in Firefox. One more example, I use a standard 3d modeling program called Rhino3D or Rhinoceros, and in it the drop-down menus aren't working so I can't even do my work... I'm desperate(!) and scared of losing data!



#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 December 2017 - 05:05 PM

Hi

Welcome :)

I'll be helping you with your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, or running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Let's begin... :)
  • Highlight the entire content of the quote box below.

Start::
URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
2017-10-29 19:53 - 2013-07-25 09:15 - 000026688 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe
2017-10-29 19:53 - 2013-07-25 16:38 - 007682112 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe
2017-10-29 19:53 - 2013-06-09 20:59 - 000216064 _____ () C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll
2017-10-29 19:53 - 2013-06-09 22:38 - 000073408 _____ () C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID [442370]
AlternateDataStreams: C:\WINDOWS\prinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\Wiainst64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [7856]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [6832]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [10416]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [9904]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [31920]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [8112]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [7088]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID [282112]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [83456]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [1910786]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [2696194]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [460802]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [455680]
AlternateDataStreams: C:\WINDOWS\system32\auditpolmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [366738]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [1044482]
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [31232]
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID [37632]
AlternateDataStreams: C:\WINDOWS\system32\coin94.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin95itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin98ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin98itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin99ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin99itp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [101508]
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID [1307650]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [619522]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [3414018]
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [1796098]
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [9420802]
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [208898]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [8835074]
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID [2982914]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [181810]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID [60418]
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [1128448]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [244992]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [266240]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [1470994]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [665602]
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID [1044482]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [299776]
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID [1338370]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [54272]
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID [536578]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [53760]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [320322]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [407040]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [579586]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [1561602]
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [1073842]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [4668210]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [1207298]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [425340]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [2576258]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [122148]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [180786]
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [234240]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [233442]
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [496866]
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [314800]
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [501042]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [3755010]
AlternateDataStreams: C:\WINDOWS\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [1233922]
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID [399362]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [14064642]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [5062802]
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID [37376]
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID [275954]
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [974514]
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID [442370]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID [33794]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID [121858]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID [890882]
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [129536]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pmcsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ppcsnap.dll:$CmdTcID [130048]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [457730]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [681986]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [1340418]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [550912]
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [123428]
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [2614658]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [109224]
AlternateDataStreams: C:\WINDOWS\system32\SaErHdlr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SaImgFlt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SaMinDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [632576]
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID [458754]
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID [49154]
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID [720962]
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [63490]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [820258]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [346114]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID [5639170]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [1311746]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [420864]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [326912]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [96256]
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [1081088]
AlternateDataStreams: C:\WINDOWS\system32\Ssdevm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ssusbp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [168192]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [400386]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxa6mci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxa6mci.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sxa6mlm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID [189440]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [2434050]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [589826]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [136632]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [1085952]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [58368]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [234496]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [1902594]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [5184514]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [205824]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [126978]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [624640]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [2556930]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [83970]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [598162]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [727552]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [848128]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID [65024]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [549890]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [1068034]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [864000]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [345090]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [1141762]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [179968]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [1426434]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [2420402]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [575116]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [899240]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [146348]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [2021378]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [3328002]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [5490370]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [1225120]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [1115714]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [902146]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [1289218]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [26626]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [1033984]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [88856]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [73472]
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [63490]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [324610]
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID [1943554]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [30722]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [132098]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [104450]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [7856]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [6832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [11184]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [9904]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [33200]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [8112]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [7088]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [71680]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpolmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [828418]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [97282]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [117762]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [92456]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [1099778]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [2689026]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [1405954]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [2034176]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [43520]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [5971970]
HOSTS:
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.



#4 rmihaly

Posted 18 December 2017 - 09:57 PM

Thank you.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Sculptor (18-12-2017 21:34:28) Run:2
Running from C:\Users\Sculptor\Downloads\REMOVING VIRUSES
Loaded Profiles: Sculptor & UpdatusUser (Available Profiles: Sculptor & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
2017-10-29 19:53 - 2013-07-25 09:15 - 000026688 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe
2017-10-29 19:53 - 2013-07-25 16:38 - 007682112 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe
2017-10-29 19:53 - 2013-06-09 20:59 - 000216064 _____ () C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll
2017-10-29 19:53 - 2013-06-09 22:38 - 000073408 _____ () C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [589826]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [136632]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [1085952]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [58368]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [234496]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [1902594]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [5184514]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [205824]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [126978]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [624640]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [2556930]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [83970]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [598162]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [727552]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [848128]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID [65024]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [549890]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [1068034]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [864000]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [345090]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [1141762]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [179968]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [1426434]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [2420402]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [575116]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [899240]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [146348]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [2021378]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [3328002]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [5490370]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [1225120]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [1115714]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [902146]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [1289218]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [26626]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [1033984]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [88856]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [73472]
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [63490]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [324610]
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID [1943554]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [30722]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [132098]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [104450]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [7856]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [6832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [11184]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [9904]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [33200]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [8112]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [7088]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [71680]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpolmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [828418]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [97282]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [117762]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [92456]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [1099778]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [2689026]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [1405954]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [2034176]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [43520]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [5971970]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID [2414594]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [40516]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [12032]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [971520]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [832514]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [221696]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [1169314]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [183552]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [100352]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [269824]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [1073154]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [49664]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [952322]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [115456]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [60956]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [1240066]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [491522]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [4649490]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [966658]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [350180]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [2231282]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [55272]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [38468]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [1487874]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [198274]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [548562]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [231888]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [550626]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [2969778]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID [337922]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [12426242]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [3807698]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [240770]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [196780]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [106496]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [7168]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID [26624]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [182272]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [417794]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [1039362]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [1123330]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [428032]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [114636]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [79360]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [1495042]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [96060]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [365570]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID [43010]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [514434]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [282626]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [1040386]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [1335298]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [1048578]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [296962]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [3625986]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ssdevm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ssusbpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [610306]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [719874]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [1499138]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [5103618]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [184576]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [2037762]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [2394114]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [91928]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [105472]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [750594]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [3093506]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [70912]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [289024]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [518840]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [1829346]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [121516]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [443648]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [2823170]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [5057570]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [1223568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [246368]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [201216]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [368128]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [984832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [297506]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [52226]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [72192]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID [1622018]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [13568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [279808]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [160770]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [115714]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdZnID [26]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpfve.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [308866]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID [54272]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID [29856]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64514]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID [102018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID [15104]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\parport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [56320]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [72704]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [478850]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID [13056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [310962]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID [77056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [158208]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023.sys:$CmdTcID [10496]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [13996]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [183986]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [937650]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [60418]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [74416]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [74754]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [162732]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volmgr.sys:$CmdTcID [149170]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [633522]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID [273026]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [157698]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WSDScan.sys:$CmdTcID [64]
HOSTS:
CMD: Removeproxy
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40525C58-79C2-47A1-9AA2-F1D7FC4F0691} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask => key not found
C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll => moved successfully
C:\WINDOWS\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\notepad.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\prinst.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\Wiainst64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActionQueue.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\adhsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\adtschema.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\apisetschema.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\apphelp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\appinfo.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppxAllUserStore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentExtensions.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioEndpointBuilder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\audiosrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\auditpolmsg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AuthHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcryptprimitives.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BdeHdCfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BdeHdCfgLib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdesvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\catsrvut.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\certenc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cfgbkend.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\clfsw32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin94.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin95itp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin97ip.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin97itp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin98ip.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin98itp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin99ip.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin99itp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\COLORCNV.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\compstui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\consent.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cryptxml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\csrsrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d10level9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dab.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\davclnt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dbghelp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\diagtrack.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dsparse.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dssenh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dxtmsft.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EncDec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FirewallAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fvecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FwRemoteSvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GeofenceMonitorService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpresult.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpscript.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hbaapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hhctrl.ocx => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hlink.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\httpprxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\httpprxp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ieui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\inetpp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InkEd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\inseng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iphlpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IPSECSVC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iscsidsc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iscsiexe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KBDAZE.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KBDAZEL.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KBDAZST.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\kbdgeoqw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ksproxy.ax => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LocationApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lsm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mcupdate_GenuineIntel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfvdsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFWMAAEC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MP3DMOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MP43DECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MP4SDECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MPG4DECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MPSSVC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mscms.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msiexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msmpeg2adec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msobjs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msra.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msrating.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mswsock.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NcdAutoSetup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ncrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ncryptsslp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netcfgx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\notepad.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvaudcap64v.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PCPKsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PhotoMetadataHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pku2u.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pmcsnap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pnidui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\polstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ppcsnap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\profsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\qdvd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\qedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rascustom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasman.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasppp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rastapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdpclip.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdpcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdvidcrl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RESAMPLEDMO.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RestoreOptIn.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rsaenh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SaErHdlr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SaImgFlt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SaMinDrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\schedsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\schtasks.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdbinst.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sechost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\seclogon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\services.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingMonitor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shacct.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shsetup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppobjs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppsvc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppwinob.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SRH.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Ssdevm64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Ssusbp64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\storewuauth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\StructuredQuery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sxa6mci.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sxa6mci.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sxa6mlm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SysFxUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sysmain.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemEventsBrokerServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsAdminFlows.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsDatabase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\taskeng.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tracerpt.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tzsync.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserAccountBroker.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UtcResources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VIDRESZR.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vmrdvcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vpnike.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VSSVC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wbengine.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WdfCoInstaller01009.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WebClnt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wevtsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wfapigp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WiFiDisplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Streaming.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winlogon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinSetupUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winspool.drv => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMADMOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMADMOE.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMALFXGFXDSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMASF.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmploc.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMSPDMOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMSPDMOE.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVDECOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVENCOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVSDECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVSENCD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVXENCD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wow64cpu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpdshext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSDScDrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmAuto.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSShared.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wups.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wups2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanconn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanmm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xolehlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\adtschema.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppxAllUserStore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\auditpolmsg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcryptprimitives.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\catsrvut.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\certenc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cfgbkend.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\clfsw32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\COLORCNV.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptxml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d10level9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\davclnt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dbghelp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dsparse.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dssenh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxtmsft.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EncDec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FirewallAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FwRemoteSvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gpresult.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gpscript.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hbaapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hhctrl.ocx => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hlink.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InkEd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iscsidsc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\javaws.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\KBDAZE.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\KBDAZEL.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\KBDAZST.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\kbdgeoqw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ksproxy.ax => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LocationApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfvdsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFWMAAEC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MP3DMOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MP43DECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MP4SDECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MPG4DECD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mscms.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msiexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msmpeg2adec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msobjs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msrating.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mswsock.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ncrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ncryptsslp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netcfgx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\notepad.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nvaudcap32v.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\olepro32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PCPKsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pku2u.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\polstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PrintConfig.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\puiobj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\qdvd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\qedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasman.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasppp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rastapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rdpcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rdvidcrl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RestoreOptIn.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rgb9rast.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rsaenh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\schtasks.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sdbinst.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sechost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingMonitor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\shacct.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\shsetup.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= Removeproxy =========

'Removeproxy' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-DxpTaskRingtone/Analytic. The system cannot find the file specified.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{CBBC9B01-3C9B-432D-8264-902A4BC36187} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13045425 B
Java, Flash, Steam htmlcache => 6446223 B
Windows/system/drivers => 10557747 B
Edge => 0 B
Chrome => 0 B
Firefox => 454432579 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 8876 B
LocalService => 22016982 B
NetworkService => 41924 B
Sculptor => 186156827 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 668.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:35:19 ====

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Tue Dec 19 02:47:34 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-18-2017.1
# Running on Windows 8.1 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2246 B] - [2017/12/13 13:8:19]
C:/AdwCleaner/AdwCleaner[S0].txt - [2023 B] - [2017/12/13 13:5:42]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/12/14 2:28:49]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########



#5 JSntgRvr


Posted 19 December 2017 - 01:40 PM

We will need to run this fix in the Recovery Console:

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

Also download the enclosed file [attachment=200645:Fixlist.txt] and save it in the same location FRST(64) was saved on the flash drive.

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt


  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for it to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Post it in your next reply

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 rmihaly


Posted 20 December 2017 - 03:14 PM

JSntgRvr,

 

I put the two files on a memory device. When I restart and hit F8, I get an option to change boot drive order. I changed it to the memory device. But then the computer restarts as normal, into Windows. I've tried this several times. When I look at the boot order in the BIOS, it still shows the memory device as being the first one.

 

I've tried to look around in the BIOS and I see many settings. But unfortunately, nowhere do I see the option to select Repair your computer. Any ideas?

 

FULL DISCLOSURE: rather than a flash drive per se, I am using a digital recorder with three files at the top of the directory: the two files recommended by you and also one folder called "ignore this folder."



#7 JSntgRvr


Posted 20 December 2017 - 04:27 PM

You are not going to boot to the Memory device. You will be selecting the Recovery Environment. It is a type of boot to troubleshooting, such as Safe Mode, but more advanced.

 

While on Windows 8.1, search for PC Settings. Select that option. On the next screen there will be some options. Select Update and Recovery. On the next screen select Recovery and on the Right Pane, under Advanced Startup, select Restart Now.

 

The computer will restart to an Advanced Menu, click on Troubleshooting and then the Advanced options button. When the advanced options screen opens, click on the Command Prompt option. Once in the command prompt follow the instructions above to run FRST64 and the Fixlist Fix.

 

Here are other instructions.




#8 JSntgRvr


Posted 20 December 2017 - 04:30 PM

FULL DISCLOSURE: rather than a flash drive per se, I am using a digital recorder with three files at the top of the directory: the two files recommended by you and also one folder called "ignore this folder."

 

As long as it can be read in the recovery environment, that's OK.




#9 rmihaly


Posted 20 December 2017 - 05:14 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by SYSTEM (20-12-2017 17:03:04) Run:3
Running from E:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
2017-10-29 19:53 - 2013-07-25 09:15 - 000026688 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe
2017-10-29 19:53 - 2013-07-25 16:38 - 007682112 _____ (Foxit Corporation) C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe
2017-10-29 19:53 - 2013-06-09 20:59 - 000216064 _____ () C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll
2017-10-29 19:53 - 2013-06-09 22:38 - 000073408 _____ () C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [589826]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [136632]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [1085952]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID [58368]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [234496]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [1902594]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [5184514]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [205824]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [126978]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [624640]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [2556930]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [83970]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [598162]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [727552]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [848128]
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID [65024]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [549890]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [1068034]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [864000]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [345090]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [1141762]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [179968]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [1426434]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [2420402]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [575116]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [899240]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [146348]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [2021378]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [3328002]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [5490370]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [1225120]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [1115714]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [902146]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [1289218]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [26626]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [1033984]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [88856]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [73472]
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [63490]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [324610]
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID [1943554]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [30722]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [132098]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [104450]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [7856]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [6832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [11184]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [9904]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [33200]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [6320]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [8112]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [8880]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [7088]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [24258]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [71680]
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpolmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [828418]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [97282]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [117762]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [92456]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [1099778]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [2689026]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [1405954]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [2034176]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [43520]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [5971970]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID [2414594]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [40516]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [12032]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [971520]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [832514]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [221696]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [1169314]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [183552]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [100352]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [269824]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [1073154]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [49664]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [952322]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [115456]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [60956]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [1240066]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [3584]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [491522]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [4649490]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [966658]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [350180]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [2231282]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [55272]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [38468]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [1487874]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [198274]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [548562]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [231888]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [550626]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [2969778]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID [337922]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [12426242]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [3807698]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [240770]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [196780]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [106496]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [7168]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID [26624]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [182272]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [417794]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [1039362]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [1123330]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [428032]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [114636]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [79360]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [1495042]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [96060]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [365570]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID [43010]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [514434]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [282626]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [1040386]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [1335298]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [1048578]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [296962]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [3625986]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ssdevm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ssusbpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [610306]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [719874]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [1499138]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [5103618]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [184576]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [2037762]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [2394114]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [91928]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [105472]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [750594]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [3093506]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [70912]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [289024]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [518840]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [1829346]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [121516]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [443648]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [2823170]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [5057570]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [1223568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [246368]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [201216]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [368128]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [984832]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [297506]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [52226]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [72192]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID [1622018]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [13568]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [279808]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [160770]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID [115714]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccusbmid.sys:$CmdZnID [26]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpfve.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [308866]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID [54272]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID [29856]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64514]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID [102018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID [15104]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiswan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\parport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [56320]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [72704]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [478850]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID [13056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [310962]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID [77056]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [158208]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023.sys:$CmdTcID [10496]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [13996]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [183986]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [937650]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [60418]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [74416]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [74754]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [162732]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volmgr.sys:$CmdTcID [149170]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [633522]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifibus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID [273026]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [157698]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WSDScan.sys:$CmdTcID [64]

*****************

URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing => Error: The entry should be fixed outside recovery mode.
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File] => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File] => Error: The entry should be fixed outside recovery mode.
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File] => Error: The entry should be fixed outside recovery mode.
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
C:\Users\Sculptor\AppData\Local\Temp\Checkupdate.exe => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\Foxit Reader Updater.exe => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\gcapi_dll.dll => moved successfully
C:\Users\Sculptor\AppData\Local\Temp\gtapi_signed.dll => moved successfully
C:\WINDOWS\system32\consent.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\CPFilters.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\cryptxml.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\csrsrv.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\d2d1.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\d3d10level9.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\d3d11.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dab.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\davclnt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dbgeng.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dbghelp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\devenum.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\diagtrack.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dsparse.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dssenh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dwmcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\dxtmsft.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\EncDec.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\esent.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\evr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\fhcpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\FirewallAPI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\fveapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\fvecpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\FwRemoteSvr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\GeofenceMonitorService.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\GlobCollationHost.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\gpapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\gpresult.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\gpscript.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hbaapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hgcpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hhctrl.ocx => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\hlink.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\httpprxm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\httpprxp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\icm32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ieui.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\inetpp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\InkEd.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\input.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\inseng.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IPHLPAPI.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iphlpsvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\IPSECSVC.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iscsidsc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iscsiexe.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\iscsiwmi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\jscript9diag.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\KBDAZE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\KBDAZEL.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\KBDAZST.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\kbdgeoqw.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ksproxy.ax => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\LocationApi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\lsm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mcupdate_GenuineIntel.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfds.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfnetcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfnetsrc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfps.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfsvr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mfvdsp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MFWMAAEC.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MP3DMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MP43DECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MP4SDECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MPG4DECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mprddm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mprdim.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MPSSVC.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mscms.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msdtcprx.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msiexec.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msmpeg2adec.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msobjs.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msra.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msrating.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mstscax.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msv1_0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\MSVidCtl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\mswsock.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\msxml6.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\NcdAutoSetup.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ncrypt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ncryptsslp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\netcfgx.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\notepad.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ntshrui.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ntvdm64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\nvaudcap64v.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\offreg.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\PCPKsp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\pdh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\PhotoMetadataHandler.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\pku2u.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\PlayToDevice.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\pmcsnap.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\pnidui.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\polstore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\poqexec.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ppcsnap.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\profsvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\puiapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\qdvd.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\qedit.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rasapi32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rascustom.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rasman.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rasppp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rastapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rdpclip.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rdpcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rdvidcrl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\RESAMPLEDMO.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\RestoreOptIn.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rpcrt4.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\rsaenh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SaErHdlr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SaImgFlt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SaMinDrv.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\schedsvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\schtasks.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sdbinst.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sechost.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\seclogon.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\services.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SettingMonitor.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SettingsHandlers.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SettingSync.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SettingSyncCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SettingSyncHost.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\shacct.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\shsetup.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sppobjs.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sppsvc.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sppwinob.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SRH.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Ssdevm64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sspicli.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Ssusbp64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\stobject.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\storewuauth.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\StructuredQuery.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sxa6mci.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sxa6mci.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sxa6mlm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SysFxUI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\sysmain.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SystemEventsBrokerServer.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SystemSettingsAdminFlows.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\SystemSettingsDatabase.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\taskeng.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\tdh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\themecpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\tracerpt.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\twinui.appcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\tzsync.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\UIAnimation.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\UIAutomationCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\user32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\UserAccountBroker.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\usercpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\UtcResources.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\VIDRESZR.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\vmrdvcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\vpnike.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\VSSVC.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wbengine.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WdfCoInstaller01009.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WebClnt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\webio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wevtsvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wfapigp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WiFiDisplay.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.Devices.Geolocation.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.Globalization.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.Media.Streaming.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.UI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Windows.UI.Xaml.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\winhttp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wininit.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\winlogon.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WinSetupUI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\winspool.drv => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WinSync.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wintrust.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMADMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMADMOE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMALFXGFXDSP.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMASF.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wmploc.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMSPDMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMSPDMOE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMVDECOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMVENCOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMVSDECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMVSENCD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WMVXENCD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wow64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wow64cpu.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wpdshext.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wscapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WSDScDrv.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WsmAgent.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WsmAuto.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\WSShared.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wups.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wups2.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wwanconn.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\wwanmm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\xolehlp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\actxprxy.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\adtschema.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\AppxAllUserStore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\auditpolmsg.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\bcryptprimitives.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\catsrvut.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\certenc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\CertEnroll.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\cfgbkend.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\clfsw32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\COLORCNV.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\comctl32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\cryptxml.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\d2d1.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\d3d10level9.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\d3d11.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\davclnt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dbgeng.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dbghelp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\devenum.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dsparse.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dssenh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dwmcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\dxtmsft.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\EncDec.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\esent.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\evr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\explorer.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\FirewallAPI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\FwRemoteSvr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\gpapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\gpresult.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\gpscript.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hbaapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hhctrl.ocx => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\hlink.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\icm32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ieui.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\InkEd.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\input.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\IPHLPAPI.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iscsidsc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\javaws.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\KBDAZE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\KBDAZEL.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\KBDAZST.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\kbdgeoqw.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ksproxy.ax => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\LocationApi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfds.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfnetcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfnetsrc.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfps.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mfvdsp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MFWMAAEC.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MP3DMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MP43DECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MP4SDECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MPG4DECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mprddm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mprdim.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mscms.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msdtcprx.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msiexec.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msmpeg2adec.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msobjs.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msrating.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mstscax.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\mswsock.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\msxml6.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ncrypt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ncryptsslp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\netcfgx.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\notepad.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ntvdm64.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\nvaudcap32v.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\offreg.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\olepro32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\PCPKsp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\pdh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\pku2u.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\PlayToDevice.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\polstore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\poqexec.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\PrintConfig.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\puiapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\puiobj.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\qdvd.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\qedit.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rasman.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rasppp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rastapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rdpcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rdvidcrl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\RestoreOptIn.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rgb9rast.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\rsaenh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\schtasks.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\sdbinst.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\sechost.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SettingMonitor.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SettingSync.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SettingSyncCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SettingSyncHost.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\shacct.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\shsetup.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\SRH.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Ssdevm.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\sspicli.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Ssusbpn.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\stobject.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\StructuredQuery.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\taskeng.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\tdh.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\themecpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\tracerpt.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\twinui.appcore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\UIAutomationCore.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\user32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\UserAccountBroker.exe => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\usercpl.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\VIDRESZR.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WebClnt.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\webio.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wfapigp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.Globalization.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.UI.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\winhttp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\winspool.drv => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WinSync.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wintrust.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMADMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMADMOE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMASF.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wmploc.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMSPDMOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMSPDMOE.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMVDECOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMVENCOD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMVSDECD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMVSENCD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WMVXENCD.DLL => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wpdshext.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wscapi.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WsmAgent.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WsmAuto.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\WSShared.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\wups.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\SysWOW64\xolehlp.dll => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\afd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\agilevpn.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\bowser.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\bthhfenum.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ccusbmid.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ccusbmid.sys => ":$CmdZnID" ADS could not remove.
C:\WINDOWS\system32\Drivers\Classpnp.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\cng.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\dc3d.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\dumpfve.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\dumpsd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\hidparse.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\hidusb.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\i8042prt.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\IPMIDrv.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\kbdclass.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ksecdd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ksecpkg.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\mouclass.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\mouhid.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\mup.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\ndiswan.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\nvvad64v.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\parport.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\rasl2tp.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\rdbss.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\refs.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\rmcast.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\sdbus.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\serenum.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\serial.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\sermouse.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\tpm.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\tunnel.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\udfs.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\usb8023.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\usbd.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\usbehci.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\USBHUB3.SYS => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\usbohci.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\USBSTOR.SYS => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\usbuhci.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\USBXHCI.SYS => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\vhdmp.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\volmgr.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\volsnap.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\vwifibus.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\vwififlt.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\vwifimp.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\wfplwfs.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\winusb.sys => ":$CmdTcID" ADS removed successfully
C:\WINDOWS\system32\Drivers\WSDScan.sys => ":$CmdTcID" ADS removed successfully

==== End of Fixlog 17:03:12 ====



#10 JSntgRvr


Posted 20 December 2017 - 09:41 PM

Please rescan with Frst64 in normal mode and post new logs.

No request for help throughout private messaging will be attended.



#11 rmihaly


Posted 21 December 2017 - 09:16 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Sculptor (administrator) on BLACKBEAST (21-12-2017 08:54:07)
Running from C:\Users\Sculptor\Downloads\REMOVING VIRUSES
Loaded Profiles: Sculptor & UpdatusUser (Available Profiles: Sculptor & UpdatusUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
(Xerox Corporation.) C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Xerox Corporation.) C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Xerox Corporation.) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe
() C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\ImageEng.exe
() C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\ImageEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-30] (Oracle Corporation)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-08-02] (Safer-Networking Ltd.)
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\MountPoints2: {33247396-7e17-11e4-bf38-3085a9967f87} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\MountPoints2: {7a975d49-4d43-11e5-bf5e-3085a9967f87} - "F:\pptview.exe" /L "playlist.txt"
HKU\S-1-5-21-4249298081-3529762593-763126968-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk [2013-05-17]
ShortcutTarget: Wireless Configuration Utility.lnk -> C:\Program Files\TRENDnet\TEW-648UB\WlanCU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2017-10-02]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\WINDOWS\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{23570CBD-F8F5-4E88-862D-D36DA18555E1}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4AE36BC5-5300-4046-80C8-E3479FDA498B}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{4AE36BC5-5300-4046-80C8-E3479FDA498B}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{C8F319BE-8186-4D5E-9624-8E705130F06F}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-4249298081-3529762593-763126968-1001] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-30] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-30] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF DefaultProfile: yp917fix.default-1399755343859
FF ProfilePath: C:\Users\Sculptor\AppData\Roaming\Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 [2017-12-21]
FF Homepage: Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\yp917fix.default-1399755343859 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\Sculptor\AppData\Roaming\Mozilla\Firefox\Profiles\yp917fix.default-1399755343859\Extensions\uBlock0@raymondhill.net.xpi [2017-12-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-4249298081-3529762593-763126968-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sculptor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Sculptor\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-14] (Cisco WebEx LLC)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10880832 2017-11-21] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-11-21] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-01] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-12-13] (SurfRight B.V.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-06-01] (NVIDIA Corporation)
R2 Piano Marvel Plugin; C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe [1563888 2016-02-21] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2016-01-24] (Xerox Corporation.) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCUSBMIDI; C:\WINDOWS\System32\Drivers\ccusbmid.sys [26624 2016-02-21] (CASIO COMPUTER CO., LTD.)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [35368 2017-11-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [824376 2017-11-16] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-06-01] (NVIDIA Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [16776 2010-08-25] () [File not signed]
S3 prwntdrv; C:\WINDOWS\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-18 21:39 - 2017-12-18 21:40 - 008187336 ____C (Malwarebytes) C:\Users\Sculptor\Desktop\adwcleaner_7.0.5.0.exe
2017-12-14 22:29 - 2017-12-21 08:54 - 000000000 ___DC C:\FRST
2017-12-14 02:15 - 2017-12-14 02:15 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\3246F3FE.sys
2017-12-14 02:01 - 2017-12-14 02:01 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\3747839E.sys
2017-12-13 22:36 - 2017-12-04 11:23 - 000835576 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-13 22:36 - 2017-12-04 11:23 - 000177656 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-13 22:03 - 2017-12-13 22:03 - 000000876 ____C C:\WINDOWS\system32\.crusader
2017-12-13 22:00 - 2017-12-13 22:00 - 000001905 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2017-12-13 22:00 - 2017-12-13 22:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-12-13 22:00 - 2017-12-13 22:00 - 000000000 ___DC C:\Program Files\HitmanPro
2017-12-13 21:58 - 2017-12-13 22:03 - 000000000 ___DC C:\ProgramData\HitmanPro
2017-12-13 09:00 - 2017-12-13 09:00 - 000255928 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\52570660.sys
2017-12-13 08:57 - 2017-12-18 21:25 - 000000000 ___DC C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-13 08:57 - 2017-12-14 22:22 - 000000000 ____D C:\Users\Sculptor\Desktop\mbar
2017-12-13 08:32 - 2017-12-13 08:32 - 000000000 ___DC C:\ProgramData\MB3CoreBackup
2017-12-13 08:17 - 2017-12-18 21:38 - 000000000 ___DC C:\ProgramData\Malwarebytes
2017-12-13 08:17 - 2017-12-13 08:17 - 000000000 ___DC C:\Program Files\Malwarebytes
2017-12-13 08:03 - 2017-12-18 21:47 - 000000000 ___DC C:\AdwCleaner
2017-12-13 07:53 - 2017-12-13 21:18 - 000003898 _____ C:\Users\Sculptor\Desktop\Rkill.txt
2017-12-12 23:43 - 2017-11-17 10:37 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-12-12 23:43 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 23:43 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 23:43 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 23:43 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 23:43 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 23:43 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 23:43 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 23:43 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 23:43 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 23:43 - 2017-11-08 10:55 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-12 23:43 - 2017-11-07 16:15 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 23:43 - 2017-11-07 15:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 23:43 - 2017-11-07 15:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 23:43 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 23:43 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 23:43 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-12-12 23:43 - 2017-11-07 15:08 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-12-12 23:43 - 2017-11-07 15:02 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-12-12 23:43 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 23:43 - 2017-10-18 12:14 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-12 23:43 - 2017-10-14 02:23 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-12-12 23:43 - 2017-10-14 02:17 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-12 23:43 - 2017-10-14 01:19 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-12-12 23:43 - 2017-10-10 11:39 - 001192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-12-12 23:43 - 2017-10-10 11:29 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2017-12-12 23:43 - 2017-10-10 10:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2017-12-12 23:43 - 2017-10-10 09:58 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2017-12-12 23:42 - 2017-11-13 21:55 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-12-12 23:42 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-12-12 23:42 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 23:42 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-12-12 23:42 - 2017-11-07 15:29 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-12-12 23:42 - 2017-11-07 15:27 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 23:42 - 2017-11-07 15:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-12-12 23:42 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 23:42 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-12-12 23:42 - 2017-10-14 02:55 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-12-12 23:42 - 2017-10-14 02:29 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-12 23:42 - 2017-10-14 01:41 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-12-12 22:33 - 2017-12-12 22:33 - 000000000 ___DC C:\Users\Sculptor\AppData\Local\ESET
2017-12-12 16:08 - 2017-12-18 21:38 - 000000000 ____D C:\Users\Sculptor\Downloads\REMOVING VIRUSES
2017-12-10 16:43 - 2017-12-10 16:43 - 000003574 _____ C:\WINDOWS\System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-10 16:43 - 2017-12-10 16:43 - 000002077 ____C C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-12-10 16:43 - 2017-12-10 16:43 - 000000000 ___DC C:\Program Files (x86)\VulkanRT
2017-12-10 16:43 - 2017-10-27 11:36 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-10 16:43 - 2017-10-27 11:12 - 000607168 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-10 16:43 - 2017-10-27 11:12 - 000081856 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-10 16:43 - 2017-10-27 11:06 - 000136312 ____C (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-12-10 16:43 - 2017-09-13 18:20 - 000798008 ____C C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-10 16:43 - 2017-09-13 18:20 - 000490296 ____C C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-10 16:43 - 2017-09-13 18:19 - 000927544 ____C C:\WINDOWS\system32\vulkan-1.dll
2017-12-10 16:43 - 2017-09-13 18:19 - 000591160 ____C C:\WINDOWS\system32\vulkaninfo.exe
2017-12-08 09:36 - 2017-12-08 09:36 - 000826544 _____ C:\Users\Sculptor\Desktop\FGNewspaper-December.pdf
2017-12-06 22:15 - 2017-12-06 22:15 - 000000000 ____D C:\Users\Sculptor\Documents\3D-CoatV3
2017-11-22 13:00 - 2017-12-21 08:53 - 000000000 ____D C:\Users\Sculptor\Documents\Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-21 08:53 - 2016-11-16 23:58 - 000000000 ___DC C:\Users\Sculptor\AppData\LocalLow\Mozilla
2017-12-21 08:49 - 2013-05-08 11:57 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-12-21 08:48 - 2014-08-15 01:00 - 000000000 ___DC C:\Users\Sculptor\AppData\Local\Adobe
2017-12-21 08:46 - 2014-09-24 02:17 - 001168706 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-21 08:46 - 2013-08-22 08:36 - 000000000 ___DC C:\WINDOWS\Inf
2017-12-21 08:45 - 2014-05-31 08:53 - 000000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-20 17:10 - 2014-10-10 22:47 - 000000000 ___DC C:\ProgramData\NVIDIA
2017-12-20 17:04 - 2013-08-22 09:45 - 000000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-12-18 21:43 - 2013-05-08 12:37 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4249298081-3529762593-763126968-1000
2017-12-18 21:35 - 2016-03-14 06:04 - 000000000 ___DC C:\Users\Sculptor\AppData\LocalLow\Temp
2017-12-18 21:35 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-18 21:28 - 2014-10-10 22:49 - 000000000 ____D C:\Users\UpdatusUser
2017-12-18 21:26 - 2014-10-10 22:49 - 000000000 ___DC C:\Users\Sculptor
2017-12-14 23:15 - 2014-05-31 08:53 - 000000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-13 22:35 - 2013-08-22 09:44 - 005120184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-13 22:34 - 2012-07-26 02:59 - 000000000 ___DC C:\WINDOWS\CbsTemp
2017-12-13 21:14 - 2013-07-12 01:29 - 000000000 ___DC C:\WINDOWS\system32\MRT
2017-12-13 21:12 - 2017-10-13 03:56 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-13 21:12 - 2013-05-07 02:00 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-13 08:50 - 2014-05-10 19:30 - 000000000 ___DC C:\Program Files (x86)\AV Video Morpher
2017-12-13 08:36 - 2015-04-15 14:24 - 000001970 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2017-12-13 08:36 - 2014-07-31 11:25 - 000001750 _____ C:\WINDOWS\System32\Tasks\{790A3124-5D1E-4937-99D2-E895956B5A97}
2017-12-13 08:36 - 2014-05-31 08:53 - 000003062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-13 08:36 - 2014-05-31 08:53 - 000002826 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-13 08:36 - 2014-05-12 13:09 - 000002038 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-BlackBeast-Sculptor
2017-12-13 08:36 - 2014-05-10 15:22 - 000001736 _____ C:\WINDOWS\System32\Tasks\{4B076E66-8E98-4AA7-B0F1-5347165D1533}
2017-12-13 08:36 - 2013-09-09 21:41 - 000001772 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249298081-3529762593-763126968-1000
2017-12-13 08:36 - 2013-09-09 21:41 - 000001666 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249298081-3529762593-763126968-1000
2017-12-13 08:36 - 2013-08-20 12:03 - 000001712 _____ C:\WINDOWS\System32\Tasks\{EADA3994-BADA-49C2-A0A2-4F9158776E27}
2017-12-13 08:36 - 2013-07-30 10:32 - 000001924 _____ C:\WINDOWS\System32\Tasks\{388042B7-9D7F-48A4-A7C6-FC7E1F1D7180}
2017-12-13 08:36 - 2013-05-06 10:01 - 000001722 _____ C:\WINDOWS\System32\Tasks\{385A2B4C-9D2D-4DD2-A560-CF22B715B198}
2017-12-13 08:08 - 2015-04-15 14:24 - 000038198 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-12-12 16:14 - 2013-09-17 11:29 - 000000000 __HDC C:\ProgramData\CanonIJScan
2017-12-12 16:14 - 2013-09-17 11:29 - 000000000 ___DC C:\Users\Sculptor\AppData\Roaming\Canon
2017-12-12 16:13 - 2015-02-08 12:17 - 000000000 ___DC C:\ProgramData\Garmin
2017-12-12 16:13 - 2015-02-08 12:17 - 000000000 ___DC C:\Program Files (x86)\Garmin
2017-12-12 16:13 - 2014-05-12 11:29 - 000000000 ___DC C:\ProgramData\Package Cache
2017-12-12 16:00 - 2014-05-10 17:34 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-12 09:39 - 2014-05-26 13:57 - 000004152 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-12 09:39 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\SysWOW64\Macromed
2017-12-12 09:39 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\system32\Macromed
2017-12-11 17:19 - 2015-03-05 22:36 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2017-12-11 17:19 - 2014-05-10 17:34 - 000001159 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\ProgramData\NVIDIA Corporation
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\Program Files\NVIDIA Corporation
2017-12-10 16:43 - 2014-10-10 22:47 - 000000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2017-12-10 16:43 - 2014-05-11 01:28 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-10 12:05 - 2015-08-20 17:52 - 000000000 ____D C:\Users\Sculptor\AppData\Roaming\.minecraft
2017-12-10 12:05 - 2015-08-20 17:51 - 000000000 ___DC C:\Program Files (x86)\Minecraft
2017-12-07 03:44 - 2014-10-28 12:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-12-06 04:52 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-04 19:25 - 2013-08-22 10:36 - 000000000 ___DC C:\WINDOWS\system32\FxsTmp
2017-11-22 12:49 - 2013-05-09 01:15 - 000000000 ___DC C:\Users\Sculptor\AppData\Roaming\Mozilla
2017-11-21 15:25 - 2014-03-25 19:22 - 000912792 ____C (COMODO) C:\WINDOWS\system32\guard64.dll
2017-11-21 15:25 - 2014-03-25 19:22 - 000702376 ____C (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-11-21 15:25 - 2014-03-25 19:22 - 000051808 ____C (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-11-21 15:23 - 2014-03-25 19:22 - 000467136 ____C (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-11-21 15:21 - 2014-03-25 19:22 - 000371392 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll

==================== Files in the root of some directories =======

2014-06-02 06:57 - 2014-06-02 06:57 - 000000025 ___HC () C:\Users\Sculptor\AppData\Roaming\uninst.log
2014-05-10 21:16 - 2014-05-12 03:25 - 000351173 _____ () C:\Users\Sculptor\AppData\Roaming\VideoPad.dmp
2017-11-16 15:04 - 2017-11-16 15:04 - 000006449 ____C () C:\Users\Sculptor\AppData\Local\recently-used.xbel
2014-06-02 06:57 - 2014-06-02 06:57 - 000000025 ___HC () C:\Users\Sculptor\AppData\Local\uninst.log

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-21 02:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Sculptor (21-12-2017 08:54:38)
Running from C:\Users\Sculptor\Downloads\REMOVING VIRUSES
Windows 8.1 Pro (Update) (X64) (2014-10-11 04:00:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4249298081-3529762593-763126968-500 - Administrator - Disabled)
Guest (S-1-5-21-4249298081-3529762593-763126968-501 - Limited - Disabled)
Sculptor (S-1-5-21-4249298081-3529762593-763126968-1000 - Administrator - Enabled) => C:\Users\Sculptor
UpdatusUser (S-1-5-21-4249298081-3529762593-763126968-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artec Installation Center (HKLM\...\{D935A2D8-C37D-4090-9683-DC7D6A60D8B9}) (Version: 1.0.2.13 - Artec Group)
Artec Studio (HKLM\...\{90928F73-D490-4A63-9E59-00C7FF458CC0}) (Version: 8.1.1.25 - Artec Group) Hidden
Artec Studio (HKLM-x32\...\InstallShield_{90928F73-D490-4A63-9E59-00C7FF458CC0}) (Version: 8.1.1.25 - Artec Group)
Aurora 3D Text & Logo Maker version 13.05.03 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 13.05.03 - Aurora3D Software)
AV Video Morpher (HKLM-x32\...\AV Video Morpher) (Version: 3.0.53 - AVSOFT Corporation)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Cisco WebEx Meetings (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 10.0.2.6420 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
FileZilla Client 3.7.2 (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\FileZilla Client) (Version: 3.7.2 - Tim Kosse)
FotoMorph version 13.9 (HKLM-x32\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.9 - Digital Photo Software)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.10.0.95 - NVIDIA Corporation) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Media Player Codec Pack 4.2.9 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.9 - Media Player Codec Pack)
Microangelo Creation (HKLM-x32\...\Microangelo Creation) (Version:  - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Cartoonizer (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\f36a791524489639) (Version: 1.0.0.48 - Caricature Software)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 57.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.2 (x64 en-US)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
netfabb Studio Basic (HKLM-x32\...\netfabb) (Version:  - )
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Outdoors Unlimited (HKLM-x32\...\OutdoorsUnlimited) (Version: 1.0 - iEntertainment Network)
PartWorks 1.0 (HKLM-x32\...\PartWorks) (Version: 1.0 - ShopBot)
PartWorks3D 1.0 (HKLM-x32\...\PartWorks3D) (Version: 1.0 - ShopBot)
Piano Marvel Plugin (HKLM-x32\...\{B2263BE6-E750-49FD-8F48-BFF3F965A119}) (Version: 4.0 - Piano Marvel LLC)
Poser 4 (HKLM-x32\...\Poser 4) (Version:  - )
Poser 9 (HKLM-x32\...\Poser 9_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
PoserContent2012 (HKLM\...\Poser Pro_is1) (Version: 9.0.0 - Smith Micro Software, Inc.)
Python 2.7.4 (64-bit) (HKLM\...\{84ADC96C-B7E0-4938-9D6E-2B640D5DA225}) (Version: 2.7.4150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rhinoceros 1.1 (HKLM-x32\...\Rhinoceros 1.1) (Version:  - )
Rhinoceros 4.0 SR5b (HKLM-x32\...\{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}) (Version: 4.0.40226 - Robert McNeel & Associates)
Rhinoceros 4.0 SR9 (HKLM-x32\...\{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}) (Version: 4.0.60309 - Robert McNeel & Associates)
SetIP (HKLM-x32\...\Xerox_SetIP) (Version: 2.00.00.01 - Xerox Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
ShopBot 3 Version 3.6.46 (HKLM-x32\...\ShopBot 3 Control System Software_is1) (Version:  - ShopBot Tools, Inc.)
ShopBot Controller (Driver Removal) (HKLM-x32\...\SBBUCOMM&10C4&83C4) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Packager (x64) (HKLM\...\{5D1DAAC8-F4A4-43E7-8E80-C9476A64EBA6}) (Version: 1.0.6 - Scalable Software)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TRENDnet TEW-648UB Wireless N USB Adapter (HKLM-x32\...\{74A8117D-07C6-4222-AFFD-51421B69DEF0}) (Version: 1.07.0001 - TRENDnet)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.36 - NCH Software)
View User's Guide (HKLM-x32\...\Xerox View User Guide ) (Version: 3.60.45.0 - )
VSDC Free Video Editor version 2.1.8.148 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.8.148 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - Artec Group (PGRUSBCam) PGRDevices  (01/28/2010 2.0.3.14) (HKLM\...\0986019B0829372B2ED21EA68790F4BC8DC4E59D) (Version: 01/28/2010 2.0.3.14 - Artec Group)
Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (HKLM\...\74347E8ACBB0CD4B3A12C89F2E2FAA6CEFBE40CA) (Version: 02/24/2012 1.00.00.0004 - CASIO)
Windows Driver Package - Lumenera (lmldr28a) Image  (04/01/2010 ) (HKLM\...\9491DEBCF07853F96ABDDA127B99AE29E0CCF525) (Version: 04/01/2010  - Lumenera)
Windows Driver Package - Lumenera (lmldr29a) Image  (04/01/2010 ) (HKLM\...\576BF94EEF314553AEA1997A8781784E527721DC) (Version: 04/01/2010  - Lumenera)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2013-04-06] (Foxit Corporation)
ContextMenuHandlers1-x32: [RhinoShExt] -> {C81DCBCA-8AE2-41FC-9C39-78B160393210} => C:\Program Files (x86)\Rhinoceros 4.0\System\RhinoShExt.dll [2011-03-09] (Robert McNeel & Associates)
ContextMenuHandlers1-x32: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1-x32: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-11-21] (COMODO)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F847886-96DE-4923-B2E1-257924A418E4} - System32\Tasks\{385A2B4C-9D2D-4DD2-A560-CF22B715B198} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Sculptor\Downloads\rh40eval_en_20110309.exe -d C:\Users\Sculptor\Desktop
Task: {11021A89-AB0B-46D4-AFE1-859CDFBBB7D8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {1B1CDE3E-CA66-42D0-8947-99E9BF33951D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-11-21] (COMODO)
Task: {35E0F7E2-7E0E-4503-95B7-E515170D3856} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-12] (Adobe Systems Incorporated)
Task: {3B4EEA39-C70B-459B-970A-C64E607C1189} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {41121277-EF98-438C-9A42-2A55C901DF3B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {49E5F367-B621-4ABA-84FB-6DA202C616DC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249298081-3529762593-763126968-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {50BBE44D-7D5C-4FF4-8D40-25385FE1D8A2} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2017-11-09] ()
Task: {57DD971A-81F2-4B23-82BB-4E36F6D8EE02} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2017-11-21] (COMODO)
Task: {69393865-A507-4D55-94A5-4BA56CBC9113} - System32\Tasks\{4B076E66-8E98-4AA7-B0F1-5347165D1533} => C:\WINDOWS\system32\pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -c -maintain plugin
Task: {6DCFEDBC-FB66-488F-B9AA-806A5E6352B6} - System32\Tasks\Microsoft\Windows\SysResetServicingCleanup => C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe
Task: {6E206660-3921-4300-AB50-09692FC24215} - System32\Tasks\AdobeAAMUpdater-1.0-BlackBeast-Sculptor => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7D5954EE-87E2-4CDA-806F-0F85AA3324D8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {8F4EB8E7-9CAB-497D-881C-59974C2FA567} - System32\Tasks\{EADA3994-BADA-49C2-A0A2-4F9158776E27} => C:\WINDOWS\system32\pcalua.exe -a "D:\程åºåˆ»å½•å›½å¤–\DSP0501 English\0501(English).exe" -d "D:\程åºåˆ»å½•å›½å¤–\DSP0501 English"
Task: {967650E7-C7A7-48EA-89FB-1F20EBBDA3B5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249298081-3529762593-763126968-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9E0F98A8-173D-414A-A27F-518C07571BBE} - System32\Tasks\{790A3124-5D1E-4937-99D2-E895956B5A97} => C:\WINDOWS\system32\pcalua.exe -a "E:\Downloads\CREATIVE webcam\WCIS_PCDrv_US_2_00_04_0825.EXE" -d "E:\Downloads\CREATIVE webcam"
Task: {AF7C9FE1-D51F-4CBF-880F-463BAFC226EA} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {BC7E6568-D0EB-4E96-8194-A84ADFE37522} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BCC68972-9119-4BC0-9272-6273E33A19AD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-11-21] (COMODO)
Task: {C48E63F8-15AC-4C93-9D0A-4B423D479C34} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D6301D90-A86D-4DC8-9471-0CF5AA0D022E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {E7B2C544-B78B-4C8C-8F19-62D79B9EDFAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E9101A59-59F9-40FE-BD90-89E3184BF3F1} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {F96959A5-A2BE-4D03-9966-C6249CC678E7} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-11-21] (COMODO)
Task: {FA568466-79D4-4DCA-A8B4-D1AEA16FA1CD} - System32\Tasks\{388042B7-9D7F-48A4-A7C6-FC7E1F1D7180} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12007

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-01-24 09:13 - 2016-01-24 09:13 - 000034304 _____ () C:\WINDOWS\System32\sxa6mlm.dll
2017-04-06 15:15 - 2017-11-21 15:23 - 000156864 ____C () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2014-03-25 19:22 - 2017-11-21 15:22 - 000106688 ____C () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2014-03-25 19:22 - 2017-11-21 15:22 - 000241856 ____C () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-08-19 23:53 - 2016-02-21 16:21 - 001563888 _____ () C:\Program Files (x86)\Piano Marvel LLC\Piano Marvel Plugin\PianoMarvel.exe
2015-08-19 20:44 - 2015-08-19 20:44 - 000365568 _____ () C:\WINDOWS\system32\SaMinDrv.dll
2014-05-15 19:02 - 2015-08-19 20:44 - 000091136 _____ () C:\WINDOWS\system32\ssdevm64.dll
2013-05-17 11:46 - 2008-06-26 18:09 - 000167936 _____ () C:\Program Files\TRENDnet\TEW-648UB\WlanWpsSvc.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 000462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 000057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-04-15 17:39 - 2017-09-07 03:39 - 000073920 ____C () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2013-07-18 08:02 - 2013-07-18 08:02 - 000062000 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\ImageEng.exe
2015-01-26 04:44 - 2014-05-13 12:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-26 04:44 - 2014-05-13 12:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-26 04:44 - 2014-05-13 12:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-26 04:44 - 2012-08-23 10:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-26 04:44 - 2012-04-03 17:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-06 12:43 - 2013-08-06 12:43 - 000093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000310272 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sslog.dll
2013-04-10 04:38 - 2013-04-10 04:38 - 000615424 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\SAStyle.cjstyles
2012-03-09 08:58 - 2012-03-09 08:58 - 000056696 ____C () C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-04-10 04:50 - 2013-04-10 04:50 - 002560512 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\sf.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000122368 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\lua5.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000724992 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\BitmapBuffer.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000071680 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Adjustment.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000129536 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_AutoCrop.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000079360 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_AutoRotate.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000066048 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_BkgRemoval.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000054784 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_BlankPageDetection.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000099840 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_BMP.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000104448 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_BookScan.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000060928 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_ColorCorrection.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000076800 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Descreen.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 002455040 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_ePub.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000070656 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Filter.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000069632 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_FringeRemoval.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000227328 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_ImageStitching.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000143872 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_J2K.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000321536 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_JPEG.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 001069056 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_LSSIP.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 001223680 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_PDF.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000214528 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_PNG.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000065536 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_ScanHDR.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000118784 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Segment.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 001591296 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_SF.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000781312 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_TIFF.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000048640 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Transform.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000058368 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_Watermark.dll
2013-07-18 08:02 - 2013-07-18 08:02 - 000145408 ____C () C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\sie_XPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7866 more sites.


There are 7866 more sites.


There are 7866 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-12-18 21:34 - 000000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4249298081-3529762593-763126968-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sculptor\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-4249298081-3529762593-763126968-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "Nvtmru"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-4249298081-3529762593-763126968-1000\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

13-12-2017 22:03:21 Checkpoint by HitmanPro
14-12-2017 02:11:14 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/20/2017 05:06:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2017 05:04:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/20/2017 04:48:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2017 03:13:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/20/2017 02:59:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/20/2017 02:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/18/2017 09:51:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/18/2017 09:49:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/18/2017 09:38:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/18/2017 09:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


CodeIntegrity:
===================================
  Date: 2017-12-20 17:04:52.063
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-20 15:13:29.845
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-20 14:59:59.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-20 14:57:33.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-18 21:49:53.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-18 21:36:33.102
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 4%
Total physical RAM: 61378.25 MB
Available physical RAM: 58727.33 MB
Total Virtual: 124866.25 MB
Available Virtual: 122010.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:22.14 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:215.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: E684A3A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:40 AM

Posted 21 December 2017 - 03:19 PM

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.

  • Once the program has fully updated, proceed with the Scan options and select "Threat Scan".

  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

02-malwarebytes-premium-scan-methods.jpg
  • After a scan has been executed, scan results are displayed.

  • Put a checkmark on all detected and click on "Quarantine Selected"

  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 rmihaly


Posted 21 December 2017 - 04:34 PM

Malwarebytes isn't finding any threats!?!

 

Thank you.

 

www.malwarebytes.com

-Log Details-
Scan Date: 12/21/17
Scan Time: 4:19 PM
Log File: ac0e6918-e694-11e7-b308-3085a9967f87.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3538
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: BlackBeast\Sculptor

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295291
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)



#14 JSntgRvr


Posted 21 December 2017 - 05:46 PM

Seems your computer is all clear, congratulations.

 

Use this application to remove quarantined items.

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep your antivirus active and updated.

 

Best regards. :)




#15 rmihaly


Posted 21 December 2017 - 06:09 PM

Amazing. BUT, BUT... I don't know if you could recommend an antivirus, but if not, should I have some combination of protection software? For example, maybe Avast or Comodo for the basic job, then maybe also some firewall? Would I need a third software too that is anti-malware? Do I need a fourth thing that is anti-rootkit, whatever that is?

That's something I don't understand, how many different kinds of antivirus-type software should one have?

 

THANK YOU!!!!!
