Solved Possible virus?

mom26gr8kids · Sep 17, 2017

Since I recently purchased a new computer I am getting ready to pass my old laptop down to my daughter. About 3 weeks ago the Windows update caused some glitches on this laptop. It got stuck in Automatic repair mode for 3 or 4 days, and I tried numerous things to get it restarted. I was pretty sure that wasn't going to happen and then suddenly it started working again. Ever since then though this laptop has been running slow with numerous glitches. My virus scans are not showing anything, but considering that the computer isn't running like it was before I wanted to run a few more scans to see if there is something that my virus software missed. Here are the FRST scans:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
Ran by songe_000 (administrator) on MOMSPC (17-09-2017 15:57:08)
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 (Available Profiles: songe_000)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\songe_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Spotify Ltd) C:\Users\songe_000\AppData\Roaming\Spotify\Spotify.exe
(Amazon Services LLC) C:\Users\songe_000\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Spotify Ltd) C:\Users\songe_000\AppData\Roaming\Spotify\Spotify.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8568.57561.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-08-28] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2014-12-19] (CompSoft)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2016-08-15] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-11-18] (Apple Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Users\songe_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-28] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify] => C:\Users\songe_000\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Amazon Music] => C:\Users\songe_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{dee13008-c737-4ac5-9444-f2960207d42f}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default [2017-09-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2lsg6gue.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\2lsg6gue.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\2lsg6gue.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
FF Extension: (Avira Browser Safety) - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com.xpi [2017-07-17]
FF Extension: (WOT) - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-07-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @citrixonline.com/appdetectorplugin -> C:\Users\songe_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-11]
CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1227264 2017-03-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1227264 2017-03-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\System32\nsisvc.dll [30720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [818176 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [636928 2017-03-14] (Microsoft Corporation) [File not signed]
U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-23] (SUPERAntiSpyware.com)
U3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ALG; C:\WINDOWS\System32\alg.exe [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [124416 2017-04-27] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [125952 2017-03-14] (Microsoft Corporation) [File not signed]
U2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
U3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [560128 2017-04-27] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2278400 2017-03-18] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [337920 2017-04-27] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [942080 2017-04-27] (Microsoft Corporation) [File not signed]
U3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [113664 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [361472 2016-09-29] (Microsoft Corporation) [File not signed]
U2 BFE; C:\WINDOWS\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed]
U2 BITS; C:\WINDOWS\System32\qmgr.dll [1054208 2016-10-28] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [770560 2017-04-27] (Microsoft Corporation) [File not signed]
U3 Browser; C:\WINDOWS\System32\browser.dll [134656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [321536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\WINDOWS\system32\bthserv.dll [157184 2017-04-27] (Microsoft Corporation) [File not signed]
U2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-09-20] (Acer Incorporated)
U2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [411648 2016-12-12] (Microsoft Corporation) [File not signed]
U2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [339456 2016-12-12] (Microsoft Corporation) [File not signed]
U3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-14] (Microsoft Corporation) [File not signed]
U2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501616 2017-08-28] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-08-28] (COMODO)
U2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [483840 2017-06-03] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [81920 2016-07-16] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [890368 2017-04-27] (Microsoft Corporation) [File not signed]
U3 DcpSvc; C:\WINDOWS\system32\dcpsvc.dll [183808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [511488 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [447488 2016-09-20] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [360960 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [292864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [93184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [1984000 2017-04-27] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [407552 2017-04-27] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [298496 2017-04-27] (Microsoft Corporation) [File not signed]
U3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57344 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [264704 2017-03-14] (Microsoft Corporation) [File not signed]
U2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1231872 2017-03-27] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DPS; C:\WINDOWS\system32\dps.dll [172032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [197632 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [152576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EapHost; C:\WINDOWS\System32\eapsvc.dll [112128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EFS; C:\WINDOWS\system32\efssvc.dll [55296 2016-07-16] (Microsoft Corporation) [File not signed]
U3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [140800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [285696 2016-12-12] (Microsoft Corporation) [File not signed]
U3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
U2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1709056 2016-09-29] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\system32\es.dll [453632 2016-07-16] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [347136 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Fax; C:\WINDOWS\system32\fxssvc.exe [644608 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [122368 2016-07-16] (Microsoft Corporation) [File not signed]
U2 FontCache; C:\WINDOWS\system32\FntCache.dll [1845248 2017-06-03] (Microsoft Corporation) [File not signed]
U3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [805888 2017-03-14] (Microsoft Corporation) [File not signed]
U2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
U3 hidserv; C:\WINDOWS\system32\hidserv.dll [36864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [274432 2016-11-12] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [447488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [385536 2016-07-16] (Microsoft Corporation) [File not signed]
U2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-06-30] (Hewlett-Packard Company)
U3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation) [File not signed]
U3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [202240 2016-07-16] (Microsoft Corporation) [File not signed]
U2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-11-29] (Intel Corporation)
U2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
U2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [945664 2017-03-14] (Microsoft Corporation) [File not signed]
U3 irmon; C:\WINDOWS\System32\irmon.dll [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
U3 KeyIso; C:\WINDOWS\system32\keyiso.dll [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [376320 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [305152 2016-07-16] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [283648 2016-12-12] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [37376 2016-07-16] (Microsoft Corporation) [File not signed]
U3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26112 2016-09-20] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [27136 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
U2 LSM; C:\WINDOWS\System32\lsm.dll [691712 2016-12-12] (Microsoft Corporation) [File not signed]
U2 MapsBroker; C:\WINDOWS\System32\moshost.dll [82944 2017-03-14] (Microsoft Corporation) [File not signed]
U3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [893952 2017-03-14] (Microsoft Corporation) [File not signed]
U3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [151552 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65024 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\WINDOWS\System32\ncbservice.dll [339968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\system32\netlogon.dll [827392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [670720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netman; C:\WINDOWS\System32\netman.dll [259072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [266752 2017-06-03] (Microsoft Corporation) [File not signed]
U3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [331264 2017-04-27] (Microsoft Corporation) [File not signed]
U3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [983040 2017-04-27] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [368640 2016-10-11] (Microsoft Corporation) [File not signed]
U2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [366592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [781824 2016-09-20] (Microsoft Corporation) [File not signed]
U3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [203264 2017-03-14] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\system32\pla.dll [1457152 2016-07-16] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1536512 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [391168 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Power; C:\WINDOWS\system32\umpo.dll [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3318784 2017-04-27] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [358400 2016-09-29] (Microsoft Corporation) [File not signed]
U3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
U3 QWAVE; C:\WINDOWS\system32\qwave.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [657920 2017-04-27] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [496128 2016-09-29] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [431104 2016-09-29] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [650752 2017-04-27] (Microsoft Corporation) [File not signed]
U2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
U3 RmSvc; C:\WINDOWS\System32\RMapi.dll [140800 2016-09-29] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [79360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2016-07-16] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [890368 2017-04-27] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250880 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [201728 2017-01-16] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\WINDOWS\system32\schedsvc.dll [948224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [147968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2016-07-16] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [70656 2016-09-29] (Microsoft Corporation) [File not signed]
U3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1312768 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SensorService; C:\WINDOWS\system32\SensorService.dll [417792 2016-09-29] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [179200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [387072 2016-09-29] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [331776 2016-09-29] (Microsoft Corporation) [File not signed]
U3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [541696 2017-03-14] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [617472 2016-07-16] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [566784 2016-07-16] (Microsoft Corporation) [File not signed]
U4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2016-09-29] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2016-09-29] (Microsoft Corporation) [File not signed]
U3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
U3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [792576 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [236544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [209920 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4136448 2016-12-12] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [3370496 2016-12-12] (Microsoft Corporation) [File not signed]
U2 stisvc; C:\WINDOWS\System32\wiaservc.dll [646656 2017-04-27] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\WINDOWS\system32\storsvc.dll [396800 2016-12-12] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SysMain; C:\WINDOWS\system32\sysmain.dll [944128 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [387072 2016-07-16] (Microsoft Corporation) [File not signed]
U2 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [148992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [309248 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TermService; C:\WINDOWS\System32\termsrv.dll [987648 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [574976 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation) [File not signed]
U2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
U2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [122880 2016-12-12] (Microsoft Corporation) [File not signed]
U4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95232 2017-03-14] (Microsoft Corporation) [File not signed]
U3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
U3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [273408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1184256 2017-04-27] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [968704 2017-03-14] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\System32\upnphost.dll [440832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [328192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1512448 2017-03-14] (Microsoft Corporation) [File not signed]
U2 UserManager; C:\WINDOWS\System32\usermgr.dll [1021440 2017-04-27] (Microsoft Corporation) [File not signed]
U3 UsoSvc; C:\WINDOWS\system32\usocore.dll [548864 2017-04-27] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [358912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vds; C:\WINDOWS\System32\vds.exe [649216 2017-04-27] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-14] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-29] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-14] (Microsoft Corporation) [File not signed]
U3 VSS; C:\WINDOWS\system32\vssvc.exe [1443328 2017-04-27] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\WINDOWS\system32\w32time.dll [520192 2016-09-20] (Microsoft Corporation) [File not signed]
U3 WalletService; C:\WINDOWS\system32\WalletService.dll [436224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\WINDOWS\system32\wbengine.exe [1547264 2017-04-27] (Microsoft Corporation) [File not signed]
U2 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [837632 2017-01-16] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [715776 2017-03-14] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
U3 WebClient; C:\WINDOWS\System32\webclnt.dll [227328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [206848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [94208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [156672 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [82944 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
U2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [222720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2716672 2016-12-12] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2333184 2017-04-27] (Microsoft Corporation) [File not signed]
U3 wisvc; C:\WINDOWS\system32\flightsettings.dll [635904 2017-04-27] (Microsoft Corporation) [File not signed]
U2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2370048 2017-03-14] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2104320 2017-04-27] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2016-09-20] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1837056 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [88064 2016-07-16] (Microsoft Corporation) [File not signed]
U2 WpnService; C:\WINDOWS\system32\WpnService.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [184832 2016-12-12] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [903680 2017-06-03] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [773120 2017-06-03] (Microsoft Corporation) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2318848 2017-06-03] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [99840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1282048 2017-03-14] (Microsoft Corporation) [File not signed]
U3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1016320 2017-03-14] (Microsoft Corporation) [File not signed]
U3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1159680 2016-07-16] (Microsoft Corporation) [File not signed]
U3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536 2017-03-14] (Microsoft Corporation) [File not signed]

mom26gr8kids · Sep 17, 2017

Frst continued

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [235520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12288 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [227328 2016-10-28] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [123392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [120832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28160 2016-07-16] (Microsoft Corporation) [File not signed]
U3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2016-07-16] (Qualcomm Atheros Communications, Inc.) [File not signed]
U1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [56320 2017-03-27] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [41472 2017-06-03] (Microsoft Corporation) [File not signed]
U3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) [File not signed]
U1 Beep; C:\Windows\System32\Drivers\Beep.sys [9728 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2016-11-12] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [65536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [31232 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BTHPORT; C:\WINDOWS\System32\drivers\BTHport.sys [967680 2017-04-27] (Microsoft Corporation) [File not signed]
U3 BTHUSB; C:\WINDOWS\System32\drivers\BTHUSB.sys [84992 2016-09-20] (Microsoft Corporation) [File not signed]
U3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [38912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [118272 2016-10-28] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [92160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [173056 2016-07-16] (Microsoft Corporation) [File not signed]
U3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U2 clreg; C:\WINDOWS\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [29696 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40968 2017-08-08] (COMODO)
U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [827864 2017-08-08] (COMODO)
U1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-08-08] (COMODO)
U3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys [39936 2016-07-16] (Microsoft Corporation) [File not signed]
U3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2016-09-20] (CPUID)
U1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [145408 2017-03-14] (Microsoft Corporation) [File not signed]
U3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-10-12] (Samsung Electronics Co., Ltd.)
U3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [334848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [83456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [108032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [51200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [38400 2016-09-20] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16384 2016-07-16] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [114176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation) [File not signed]
U3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation) [File not signed]
U3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132904 2017-08-08] (COMODO)
U3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [134144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [212480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19456 2016-07-16] (Microsoft Corporation) [File not signed]
U1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
U3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [39424 2016-09-29] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
U2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [125952 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
U2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [48128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2016-12-12] (Microsoft Corporation) [File not signed]
U3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [38400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [75776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [143872 2016-10-11] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [282624 2016-12-12] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115200 2017-04-27] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [27136 2017-03-14] (Microsoft Corporation) [File not signed]
U2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [15872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [535552 2017-03-14] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [126464 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [63488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [60928 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [125440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
U3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () [File not signed]
U1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [279040 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [68608 2016-07-16] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Parport; C:\WINDOWS\System32\drivers\parport.sys [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [723968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [96256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Processor; C:\WINDOWS\System32\drivers\processr.sys [119808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
U3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [107520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [104960 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81408 2017-04-27] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [77824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [177152 2016-07-16] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
U3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
U3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2016-07-16] (Microsoft Corporation) [File not signed]
U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scmdisk0101; C:\WINDOWS\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serial; C:\WINDOWS\System32\drivers\serial.sys [83968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [409600 2017-04-27] (Microsoft Corporation) [File not signed]
U3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [713216 2017-04-27] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [248320 2016-09-20] (Microsoft Corporation) [File not signed]
U3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [12800 2016-07-16] (Microsoft Corporation) [File not signed]
U2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
U3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64000 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [52224 2017-03-14] (Microsoft Corporation) [File not signed]
U3 tsusbflt; C:\WINDOWS\System32\drivers\TsUsbFlt.sys [61440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [158208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [50688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation) [File not signed]
U4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [320000 2016-07-16] (Microsoft Corporation) [File not signed]
U3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-04-03] (Apple, Inc.) [File not signed]
U3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [46592 2016-09-22] (Microsoft Corporation) [File not signed]
U3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [69120 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [226816 2016-09-20] (Microsoft Corporation) [File not signed]
U3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [73216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [40448 2017-04-27] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
U3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
U3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [719872 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WsAudio_Device(1); C:\WINDOWS\system32\drivers\VirtualAudio1.sys [31080 2016-05-16] (Wondershare)
U3 WSDPrintDevice; C:\WINDOWS\System32\drivers\WSDPrint.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [99328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [258560 2017-03-14] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [43520 2016-09-20] (Microsoft Corporation) [File not signed]
U3 iaLPSSi_GPIO; \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys [X]
U3 iaLPSSi_I2C; \SystemRoot\System32\drivers\iaLPSSi_I2C.sys [X]
U0 iaStorAV; System32\drivers\iaStorAV.sys [X]
U0 iaStorV; System32\drivers\iaStorV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 15:57 - 2017-09-17 16:00 - 000065016 _____ C:\Users\songe_000\Downloads\FRST.txt
2017-09-17 15:54 - 2017-09-17 15:54 - 000000000 ____D C:\Users\songe_000\Downloads\FRST-OlderVersion
2017-09-17 15:54 - 2017-09-17 15:54 - 000000000 ____D C:\FRST
2017-09-17 15:53 - 2017-09-17 15:54 - 002399744 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
2017-09-15 16:53 - 2017-09-15 16:56 - 000741009 _____ C:\Users\songe_000\Downloads\Contact List 2017 Final.pdf
2017-09-12 01:33 - 2017-09-12 01:33 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-12 01:06 - 2017-09-12 01:06 - 000067293 _____ C:\Users\songe_000\Documents\GraceLloyd.pdf
2017-09-12 00:15 - 2017-09-12 00:20 - 000026703 _____ C:\Users\songe_000\Downloads\Grace Transcript (1).xlsx
2017-09-12 00:14 - 2017-09-12 01:26 - 000066365 _____ C:\Users\songe_000\Documents\KaeleyEagle.pdf
2017-09-12 00:14 - 2017-09-12 00:19 - 000026703 _____ C:\Users\songe_000\Downloads\Grace Transcript.xlsx
2017-08-30 22:42 - 2017-08-03 23:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-30 22:42 - 2017-08-03 23:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-30 22:42 - 2017-08-03 22:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-29 12:07 - 2017-08-29 12:07 - 000063458 _____ C:\Users\songe_000\Documents\JacksonSeidler.pdf
2017-08-29 12:00 - 2017-08-29 12:00 - 003816483 _____ C:\Users\songe_000\Downloads\Jackson Seidler Gradebook 2016-2017.pdf
2017-08-28 23:41 - 2017-08-28 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-28 23:39 - 2017-08-28 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-28 23:38 - 2017-08-28 23:39 - 000000000 ____D C:\Program Files\iPod
2017-08-26 20:35 - 2017-08-26 20:35 - 000026849 _____ C:\Users\songe_000\Downloads\customPage41005 (3).xlsx
2017-08-25 11:17 - 2017-08-25 11:18 - 001616527 _____ C:\Users\songe_000\Downloads\att.pdf
2017-08-24 12:09 - 2017-08-24 12:09 - 000561602 _____ C:\Users\songe_000\Downloads\Homeschool-Attendance-Record-2017-2018 (1).pdf
2017-08-20 21:58 - 2017-08-20 21:58 - 000042834 _____ C:\Users\songe_000\Downloads\000151149 (1).pdf
2017-08-20 21:57 - 2017-08-20 21:58 - 000042834 _____ C:\Users\songe_000\Downloads\000151149.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-17 16:00 - 2017-03-16 23:12 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-09-17 15:55 - 2017-03-16 23:52 - 000077470 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-09-17 15:41 - 2016-09-20 15:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-17 02:53 - 2016-07-16 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-17 02:53 - 2014-10-25 19:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-17 02:34 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-17 02:34 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-17 02:26 - 2014-10-25 19:59 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-16 21:10 - 2016-02-09 16:32 - 000066078 _____ C:\Users\songe_000\Documents\JustinSonger.pdf
2017-09-16 20:50 - 2016-07-16 05:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-16 20:41 - 2014-07-31 04:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-16 20:08 - 2014-10-22 23:43 - 000000000 ____D C:\Users\songe_000\AppData\Roaming\Spotify
2017-09-16 20:08 - 2014-10-22 22:01 - 000000000 __RDO C:\Users\songe_000\OneDrive
2017-09-16 20:06 - 2014-10-22 23:43 - 000000000 ____D C:\Users\songe_000\AppData\Local\Spotify
2017-09-16 20:03 - 2016-09-20 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-16 20:03 - 2014-10-22 21:58 - 000000000 __SHD C:\Users\songe_000\IntelGraphicsProfiles
2017-09-16 20:02 - 2016-09-20 18:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-14 18:45 - 2017-07-19 17:48 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-634217685-3676121620-3412417090-1001
2017-09-14 18:45 - 2015-11-30 02:22 - 000002415 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-14 18:42 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-14 18:42 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 01:55 - 2016-09-20 15:25 - 000000000 ____D C:\Users\songe_000
2017-09-12 01:33 - 2016-09-20 17:15 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-10 14:28 - 2016-07-16 00:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-10 13:14 - 2016-07-16 05:45 - 000000000 ____D C:\WINDOWS\INF
2017-09-10 13:08 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-08 19:48 - 2017-03-16 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-09-08 19:48 - 2014-10-22 23:07 - 000000000 ____D C:\ProgramData\Comodo
2017-09-08 16:35 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-07 10:44 - 2015-11-30 01:41 - 001445410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-06 18:29 - 2015-06-09 18:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-05 13:01 - 2016-07-16 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-05 13:01 - 2016-07-16 05:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-28 23:53 - 2015-11-21 23:02 - 000064724 _____ C:\Users\songe_000\Documents\KaitlynCarlson.pdf
2017-08-28 23:39 - 2017-06-24 12:23 - 000000000 ____D C:\Program Files\iTunes
2017-08-28 22:59 - 2016-12-28 00:20 - 000051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-08-28 22:59 - 2016-12-28 00:19 - 000939144 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-08-28 22:59 - 2016-12-28 00:19 - 000731344 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-08-28 22:57 - 2016-12-28 00:17 - 000457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-08-28 22:55 - 2016-12-28 00:15 - 000363712 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-08-28 20:59 - 2017-02-05 18:39 - 000000000 ____D C:\Users\songe_000\AppData\LocalLow\Mozilla
2017-08-28 16:57 - 2016-11-27 21:58 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-28 16:57 - 2014-10-22 22:11 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 16:57 - 2014-10-22 22:11 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 16:57 - 2014-10-22 22:11 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-08-28 16:52 - 2016-05-11 16:55 - 000000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001.job
2017-08-28 16:52 - 2016-05-11 16:55 - 000000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001.job
2017-08-28 16:52 - 2014-11-09 14:57 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-28 09:39 - 2016-02-09 22:06 - 000064246 _____ C:\Users\songe_000\Documents\DoranLee.pdf
2017-08-28 09:20 - 2017-07-13 23:44 - 000000000 ____D C:\Users\songe_000\AppData\Local\GoToMeeting
2017-08-25 11:33 - 2014-10-22 21:58 - 000000000 ____D C:\Users\songe_000\AppData\Local\Packages

==================== Files in the root of some directories =======

2017-03-14 13:58 - 2017-03-14 13:58 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
2017-03-30 23:58 - 2017-07-14 18:52 - 004113960 _____ (COMODO) C:\Users\songe_000\AppData\Local\Temp\ise_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2017-05-09 20:25] - [2017-04-27 17:39] - 000673792 _____ (Microsoft Corporation) B2151FE002A8D3F41E2DF935F260E3A8

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe
[2016-07-16 05:42] - [2016-07-16 05:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\WINDOWS\SysWOW64\userinit.exe
[2016-07-16 05:42] - [2016-07-16 05:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\WINDOWS\system32\rpcss.dll
[2017-05-09 20:03] - [2017-04-27 17:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-08 17:04

==================== End of FRST.txt ============================

mom26gr8kids · Sep 17, 2017

Addition text
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
Ran by songe_000 (17-09-2017 16:03:34)
Running from C:\Users\songe_000\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-21 02:13:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Trial (HKLM-x32\...\{300E84D8-F6D1-4B58-906F-7E41F34E6D42}) (Version: 9.0.0.0 - Ableton)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.6.0.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Alice Greenfingers 2 (HKLM-x32\...\BFG-Alice Greenfingers 2) (Version: - )
Aloha TriPeaks (HKLM-x32\...\WTA-a0c80ba3-d5c9-49c0-8d1e-2df82fa89bd3) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 2: Town of the Year (HKLM-x32\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
COMODO Internet Security Premium (HKLM\...\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-66cb0f17-50fb-49ff-8924-bad585a1895e) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Doro 1.94 (HKLM-x32\...\Doro_is1) (Version: - CompSoft)
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-068bedf7-38fc-4849-bcd3-6ca159b577c0) (Version: 2.2.0.110 - WildTangent) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jojo's Fashion Show: World Tour (HKLM-x32\...\BFG-Jojo's Fashion Show - World Tour) (Version: - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Locklizard Safeguard - PDF Viewer (HKLM-x32\...\Locklizard Safeguard - PDF Viewer_sf) (Version: 2.6.41 - Locklizard Ltd.)
Luxor Evolved (HKLM-x32\...\WTA-3cb536ee-0c52-4c62-96d1-745290a647db) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-1ae77067-327d-44ce-8e91-ed114ced669a) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NoteBurner M4V Converter 4.0.2 (HKLM-x32\...\NoteBurner M4V Converter_is1) (Version: - NoteBurner Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-b8cce2f1-44d8-43e4-a1cd-08dd51375bc1) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-98f57e61-1788-4aad-8a81-305491c5a4cf) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
Shop-N-Spree: Family Fortune (HKLM-x32\...\BFG-Shop-N-Spree Family Fortune) (Version: - )
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Tapestry of Grace Year 2 Digital Edition (HKLM-x32\...\Tapestry of Grace Year 2 Digital Edition) (Version: 2016.0325 - Lampstand Press)
Tapestry Year 3 (HKLM-x32\...\Tapestry Year 3) (Version: 2016.0325 - Lampstand Press)
Tapestry Year 4 (HKLM-x32\...\Tapestry Year 4) (Version: 2016.0328 - Lampstand Press)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-59102d9c-31c7-4943-bf3b-0e338ee507d7) (Version: 3.0.2.32 - WildTangent) Hidden
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #10 (HKLM-x32\...\ST6UNST #10) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #11 (HKLM-x32\...\ST6UNST #11) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #12 (HKLM-x32\...\ST6UNST #12) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #5 (HKLM-x32\...\ST6UNST #5) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #6 (HKLM-x32\...\ST6UNST #6) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #7 (HKLM-x32\...\ST6UNST #7) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #8 (HKLM-x32\...\ST6UNST #8) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #9 (HKLM-x32\...\ST6UNST #9) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) (HKLM-x32\...\ST6UNST #2) (Version: - )
TranscriptPro for Umbrella Schools (HKLM-x32\...\ST6UNST #1) (Version: - )
Trinklit Supreme (HKLM-x32\...\WTA-021203c5-41b1-47d6-8e5e-24191ded62f1) (Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031368AD-69FA-42F5-9836-00FC1C7A6873} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {036CC33F-9545-4394-9159-58C1BDED1546} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-09-20] (Acer Incorporated)
Task: {08FB1CFF-406B-4377-9C10-0364DEFA1615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D6B97AC-F2D2-4B8F-AB58-80CAC6B358AF} - System32\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001 => C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0EE31A40-E7F5-4430-9CF1-4F70BF3FFC88} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {16E0EE90-DC55-4921-99FD-69262DB1C64A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {1BA8203E-D888-4C65-87EC-ECDC370FE4C7} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {1C73E622-8FD6-4270-B5CF-4102D8871ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {1CEFCF95-37A5-4291-9AC6-4E6FCCF21D9C} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {1FD632AE-52AF-4024-B8A6-3BF3BC89FD46} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {267662B5-1367-4E02-9FC6-99CD0B27701E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {2E83424C-07B1-4CCF-A360-627134EE6F72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3546FB58-3758-4717-9B11-3E15CF872BA5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-21] (Microsoft Corporation)
Task: {36B9251B-FEA5-419D-977E-0EA4F839545B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-15] ()
Task: {3B68FC16-40AF-4A9F-BB31-4339A32D20DD} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {475470D8-E6D8-4501-9B94-AD2F3077BA98} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {4D9A1146-9D5C-4B0D-9FCD-06BD35763CBB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {555A5627-076E-40FC-8957-D0FECA9D6473} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-17] (Microsoft Corporation)
Task: {56F5CB9E-9FFD-4AC7-9CC5-52A809E8A239} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {575997F7-92DC-4DF0-B93A-8B443BA4BA4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5C73D677-93C1-4193-AEC4-C4A920B0BB9B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-28] (COMODO)
Task: {5DE19AE0-A353-4BEB-A50D-83D2898D0D47} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\songe_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {65CB0CBC-62D9-46E8-AC63-0E1828D6EE45} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {6940B4D4-539C-4B45-A9EE-54B4DA9C94B9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-21] (Microsoft Corporation)
Task: {78D748B5-11E1-4D10-8558-6156ABB6A2EF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {7C799672-89F0-48FE-A7DC-A297D3138ED9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-15] (Microsoft Corporation)
Task: {7DB3C51D-D6F0-4E26-8ECF-96AA4CCC4620} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {82327D8E-CE75-415E-82FC-6E8D6690898E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {9062A850-12C3-4B78-A7DB-D427C0C60BF2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-21] (Microsoft Corporation)
Task: {90CA2CA8-84FB-4D37-A3A9-214BFD9DE150} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {9876CF94-3A85-4133-AD1A-8B3CF2130063} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {9EA36F30-FFFE-41AC-B3AB-EB24FE697E7E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-21] (Microsoft)
Task: {B580204D-33E3-49C4-8293-31890B0C45A8} - System32\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001 => C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C1CFA249-4E02-41A9-8FA5-F7389F095C90} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-28] (COMODO)
Task: {C2BA6F5F-9916-4677-A62B-57CADF6CEC06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {C7C30F43-94AF-4101-BA90-E6E7A4A132F4} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {C9E84E55-7241-4BEC-B7E3-8D0E123A207B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {D8E0E458-1F44-4E78-B1BF-AFF9AEB4786F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {D980A4CB-AA1C-4A00-BD09-85C5066B5BB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-21] (Microsoft Corporation)
Task: {DAF6F28D-397E-4D0C-AD0B-31F5D75362D1} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {DFC1478C-747E-4EAD-94AB-66815E81BAA2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-20] (Acer)
Task: {FB487CC6-A508-4614-B10E-067760D50382} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-15] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001.job => C:\Users\songe_000\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001.job => C:\Users\songe_000\AppData\Local\GoToMeeting\7495\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-07 18:00 - 2017-06-03 04:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-11-26 23:53 - 2014-06-26 20:10 - 000595456 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 04:27 - 2012-04-24 04:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-18 17:02 - 2013-12-18 17:02 - 000124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 17:02 - 2013-12-18 17:02 - 000054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2015-09-30 21:39 - 2015-11-29 22:32 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-07-31 04:34 - 2014-01-03 15:13 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-12-28 00:16 - 2017-08-28 22:56 - 000244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-12-28 00:17 - 2017-08-28 22:57 - 000156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-08-28 23:34 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-08-28 23:34 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-08-15 15:24 - 2016-08-15 15:24 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2016-10-24 09:24 - 2017-09-16 16:37 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-20 17:11 - 2016-09-20 17:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 23:50 - 2017-03-14 23:50 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-07 18:00 - 2017-06-03 02:47 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-07 18:00 - 2017-06-03 02:47 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-07 18:00 - 2017-06-03 02:51 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-28 00:16 - 2017-08-28 22:55 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2017-04-10 17:01 - 2017-04-10 17:01 - 001695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8568.57561.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-08-28 16:57 - 2017-08-23 02:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 16:57 - 2017-08-23 02:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-03-16 10:25 - 2017-07-20 09:03 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-07-13 20:51 - 2017-07-13 20:51 - 001041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:42 - 2016-12-21 14:22 - 051777648 _____ () C:\Users\songe_000\AppData\Roaming\Spotify\libcef.dll
2016-10-28 21:18 - 2016-12-21 14:22 - 000110192 _____ () C:\Users\songe_000\AppData\Roaming\Spotify\SpotifyWinRT.dll
2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2016-09-20 20:48 - 2016-09-20 20:48 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2016-09-09 10:51 - 2016-09-09 10:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-09-23 16:42 - 2016-12-21 14:22 - 001803888 _____ () C:\Users\songe_000\AppData\Roaming\Spotify\libglesv2.dll
2015-09-23 16:42 - 2016-12-21 14:22 - 000086128 _____ () C:\Users\songe_000\AppData\Roaming\Spotify\libegl.dll
2014-07-31 04:06 - 2013-12-09 17:27 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

mom26gr8kids · Sep 17, 2017

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin99ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoi5C12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkins5C12.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]

mom26gr8kids · Sep 17, 2017

AlternateDataStreams: C:\WINDOWS\SysWOW64\ac3filter.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iconv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xvid.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VirtualAudio1.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [0]
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB [0]
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271 [0]
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD [0]
AlternateDataStreams: C:\Users\songe_000\Downloads\10566-halfadozenkids-tags (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\10566-halfadozenkids-tags.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\2nd-3rd Small Group-March 12.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\almedia-converter_full351.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\Install_Y2 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter-plus.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\RS TEXAS Rsources.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\Setup.X86.en-US_O365HomePremRetail_0c7d5447-a8b2-4030-b6eb-1526a3c73fb2_TX_PR_.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\sharepoint.com -> hxxps://studentcccsedu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\songe_000\Pictures\desktop wallpaper\spring-flowers-growing-1366x768-13141629.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

mom26gr8kids · Sep 17, 2017

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00236EC4-B65A-40A4-A24F-F3E873934C15}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{2024B434-269F-4F96-8A9E-BC29D2116955}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{57AE1212-BECB-49B5-9031-5B746C6A1619}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D1A9301C-E3E4-434A-8082-E052D833D6D7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{11BFEBD7-9DE0-4224-B213-631A3ACCDE70}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ABA8D62E-80BA-4575-B8C1-5EE854EEE873}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C2DF89AD-13A8-46C2-B844-4DCD20ADFA9F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C126C04E-B406-446D-AE77-BB740DBCD0E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3AB8CC6A-C717-46B7-B02F-04EC2D30F3D0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DEB2B719-34B1-4048-978D-DAD7C684F6CF}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{6205C4D2-344D-4018-91EC-FAF3F248C18A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A444437B-4F85-4F41-82F0-BC52DFE26483}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{C4246184-B078-4136-AEC0-71242368BFE7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AF759300-2CFA-4E92-AD98-B0387D63750E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{83EAA9C5-13AE-4379-8A7A-1A451DE149F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0CDEF45C-EBCE-40DD-A906-4D8A19357239}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{27BC92BA-C0DF-4F0A-B402-803DE4B8C650}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{A86C510D-1FBE-4A07-B7D3-6688972260BF}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F06DBE26-DCDC-43DB-923B-84922C3D7501}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0F557B47-74C5-41DD-A6DF-EC7019C28C0A}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{622F8DA1-E917-4525-82F4-95CE89573A91}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{8583C492-5FAC-4950-B27D-85673B8A59F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C0A50D40-4FBC-4225-A75A-0F9FD9A3A385}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B845775-762B-40A0-BB1D-F61FDF22BB8A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{34912F3A-F2D0-4438-9420-CC762555A183}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CEFCBC5D-294D-48FD-B250-9584842DE192}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{AB0F8975-BA91-45AA-8389-E538AF6033F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{79E8EE5B-0B90-4ED6-B332-9F3DFF41F7AF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E0F07D32-362A-42ED-97E1-2A1D3865FFDD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{057DC14D-EFDB-4A07-A145-AA644A742B2D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{3DD3649E-E7D5-4AED-9E4A-6833D37AFBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{53C87CE3-47A8-4F93-B0BD-520F1A21B2B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4BF74386-68AA-4104-ABA6-8F7D80142BB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0861019B-875B-4A10-9D3B-213164B67BA9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C243A41F-FBA1-4674-84FE-ECFDD2CBA840}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{81AD1F53-D770-4C1D-BA7A-4F2DCBA344FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A8CC1775-D679-4C99-85EA-324560AA6292}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CBE73F58-AB6C-4FF7-A5AA-CB1EE0114910}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B2CB0BF9-8ABF-4098-896C-D1D77F1FB73A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{8B489C99-EFED-4EA5-A3E4-669318A95753}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D47B7414-60D1-4252-931D-6DE0E3B83698}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CA212984-C696-49A8-AE50-B087954C39EE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A8573D83-3F62-4B63-8F72-25BC95DE1FE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{69446298-6357-443B-8251-DCABB696B4AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{1D67F0DF-34D4-447D-9440-263584BA3932}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{D9555367-7BFA-4AA6-982F-8B42357225FD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{CBCD7F61-1B35-46F6-97EA-815F9F82BA58}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{83B83E5C-AAB5-4A6C-97F9-5164F9ED193C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8AAED861-7B16-459D-8ED6-13A33C8600CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{1F685178-EA4D-4AA3-BBF8-C4C8E20932B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88E207CF-08D8-4A64-8C9A-0D51CF4F3333}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6A1C400-85F1-4DC5-A059-AE2F3DF325DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1DD69A2-519A-4BB1-9F12-F578B2F4AA42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B16D34A-BDE4-4761-B960-83F3A988E93E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{087C7601-8720-45BD-8447-AD5254C91DAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F64A059C-30FF-41AD-A425-189CE24C68F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{487A07D8-3374-4DFD-AC5B-753AF1596829}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{292AC2E5-5F18-4EAD-AC73-EC05D8D2695C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0797C174-7686-488C-A944-2D4C77F4FC79}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{862EF299-342E-4255-98EC-89B02044CF19}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{DAB56AD2-B2EA-4BFB-8CCB-217F67022528}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AAC31940-E5C7-468A-9E3F-65F4F9845731}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C03B7854-7BAD-486C-A091-8C8C8997D418}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4E897D40-E6AC-4B6E-BA94-1DAE00C4E192}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B049E71A-59E5-42B7-AD7D-2F1F556BD488}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6ED28BD2-A969-4B35-8E12-BB80B9605C17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F633001-09A5-4859-8FA0-D6D5803D4DA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A5F43AA4-DD7B-429A-9C28-5A4193D66627}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{42D6CA32-D9D2-41D9-B7CE-4F2FC9D9A83C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{318CECFA-D32D-48AB-8A81-CE985D8CE539}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2BB3DBE6-91AB-46E8-AF0C-BF4A7B0CA04B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{5B522B84-DF1F-4CE2-B113-8C1F69F32FE5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D5F409BF-8A9F-47D0-802D-116B76665B69}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D9ADAFBA-88C9-4225-BE10-12F894082EFA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1ABA8D1C-3966-42E8-9FD7-438F94A46FA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D3C689FC-2F31-43D7-BC1D-23548AC10842}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{646F6972-AA14-4723-8192-E52D82C4F992}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1343D175-4BF6-4E90-90AB-E56BA1F2311C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{99C2F080-43BB-4DF9-81E5-219381284ACE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1B3683A4-B449-4D6C-9252-72E7DA494F9E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BAF9A487-642E-4D99-A217-EF9A8052C634}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1624C5C2-8284-447E-8853-6712189171CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EC87B11F-1667-4B5F-BA70-4048A7E23BF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{814D7CDE-92D7-45B9-8016-26E503FEB4F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{24DD4180-2FF4-4489-BECC-A0B75990A875}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9AA4F94A-35B8-46DA-8F3C-D4D3CA2B97E6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3ED60866-5EE2-4382-A788-2648A03216E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2AC5E4CE-DF7B-48F4-AB50-B0E882C3BD2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{01E8A7C1-B69E-4D61-B528-95F1933452BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{5C24F2A6-8FB8-4736-A723-D9091A00F642}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F3EBBBFF-1560-466C-991B-B6B05B6CDD37}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{43A9D858-8EB2-4D2C-B546-D9A8C65688BC}] => (Allow) C:\Users\songe_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9C81E31D-1FB0-4BB3-9824-BD5F22CC185D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{F056919F-1BA2-40C4-A168-9935E4BB2796}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{1B6E200F-3865-4F73-BBD8-DEC53F29D2E3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{98B2DFB3-C03F-4223-BE51-B86487471B09}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{138FFF1D-F20C-4F6A-86D9-1307290C51AD}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DFCEACDA-092A-4A55-9942-549F974C3D65}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{31741EF3-A886-45A4-B92A-4CF5E85C1670}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{678003C3-8AF4-4AB3-B4FC-93EBC73AE2C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C8098A4A-FD4B-4EA1-85EA-A2F49F0CA64A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B31AB466-2234-4560-B053-C049F02D302C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F8993880-EC36-42EF-9B25-80ADAD21190D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F4C2A124-642A-4F35-8FBF-A47FC3A87F11}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7507D646-3A42-48AC-9AFF-82492AAD5A86}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0C13D7C8-AF0F-4385-AA5D-BD2CA1E2FA91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D704FC1F-E959-4AA0-8E68-4026A5E9CBC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4A00C396-E7AA-4FAD-A457-08B98729E84F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{70ED23CC-346C-4872-AEF6-379805B432EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB86E766-0963-44A5-8C40-26722B898A2A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2519A1DF-B16D-4C73-BC42-254711584A0E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B59ECFBB-80F4-42E6-B9DF-E44F03F2A553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B8011E13-D5D2-4555-8605-4B1478491DB1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{40C74F0B-5914-4B66-B921-060B7B04F9DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4EF4DADA-E14F-4EE5-905B-AAD1F2E946BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0383FCA1-B573-4107-81E6-C5289D3B30B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C8B6E443-CE15-4E1B-A9BB-FBE5A40CA136}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FFC80977-D188-4634-9A80-E942AFA506BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5689A824-1CDF-4C15-A3DD-E844711E7A04}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{D58E4BCB-4548-4680-BD8B-511FC992C02E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{E86F153E-1082-4DF0-A826-22F276BA7A61}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{0A490A81-03F1-429D-BFAE-F890253976EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F90A2635-C6AE-4489-86E2-A6CEEC3EB240}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{83F4D3FF-0047-4F0E-95F6-7F059EBF6C23}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A21E2346-4210-4911-A270-F994A7970F37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{202E60DA-C480-48FA-8BEE-9D749454ADFA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{42EFD9D8-A1F5-4E06-BF93-EDD086F877BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B2D43925-0DB1-4E26-BA48-4FA49613FEC6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{00812894-7509-42B8-80BA-90B1A5436DB4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{50C116BE-F057-435A-AB21-2AAAA556FD90}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{502BD199-955F-40B5-B834-8751A00D075E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A72FBB1-2786-417C-B83E-37F759C34E73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{970CE1B8-1AD2-461B-AF8E-C33665CBEEE5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8F81D309-ED55-470A-9D8C-465E9F3DD7C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8C9111E4-07A7-4DAF-9098-BE8D8531E712}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7C18D753-D319-40DB-88DF-FC30211EFE99}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52B38A9A-D8E1-46FD-A5C1-2DED45F967ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0A5D90D3-4F76-481B-81BE-3A291F5B0B4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1FC0E619-31F8-428F-AD1A-930CC31C717F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5717E7B9-B007-4D32-8AD8-1E2E19BFD452}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F41FA4-6B70-4D01-9E36-7C35D035D955}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B69D2AA8-482F-4F43-90BF-298A5C6FB808}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C6B1CE5F-0453-4F16-B4B7-BC8689D26F72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D87CA709-90E4-48BF-9F19-B220C41E2014}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B653A0BE-8BE3-4045-A586-0D322D749C06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0046F486-9951-45ED-AEB5-922FDA7EBC97}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BA4D898-8827-4D69-A194-2D34845A922D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F0A48ABC-ABC8-4A8C-99A3-72E673F17979}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ABC073FC-B542-4D13-B674-C3BD30616FEF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{834784A6-B596-4244-A361-92BF06F7F38E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{60027485-8FB9-453D-ADD5-50165E3FB923}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{11BAD5E6-E6DD-462B-83E9-07787B02D14D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{79E280B7-CC71-4947-B446-A56CF06FF8B6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{22BF4FE2-81AB-44F7-83B1-A4298744F4DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AD96EC36-0882-4125-8E38-86BA094E515D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{893EC21B-B9C3-43B4-9F6F-BB9AC9D30E17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C1082CBF-EEED-42D7-B1BF-AC353933445F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A4C59F0-9084-4B6E-BD77-C7ED087523B9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4C0CEC6D-A1C1-4793-B02B-71549A0D12DA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{050B935D-809B-4699-87B2-C2522F3BE30E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D57E921A-2B52-4030-873A-ED24230B865C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C2925A1C-1A29-49CB-8809-DA8BAAC86911}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BACC9CB-EF38-47D7-B0B8-8E14E4D5C752}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9A050DB-DC5C-475F-8A1F-BE4A9F0A2CCA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{108F4A87-3C16-4038-80FB-69A54E83F113}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16695FC9-695C-43E3-90AD-8634B496298C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EF7E8372-6421-4F28-9BF8-4846F7D4ACBC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EF253CD6-7D3E-4BFA-AEE1-7809108E9827}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{302E624F-1143-4E7F-9EB5-AB3ABA4788D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A2B33C06-38FB-4CAE-840E-20986BD50D95}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{FCAF4C16-D0DA-4F62-B702-7C460D5FE5CC}C:\users\songe_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\songe_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B2CCB2C9-DAF0-4B4B-A71D-B8A362388FF7}C:\users\songe_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\songe_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FD83F711-2701-4CA0-80D7-96FF5464703B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD620598-A759-44CA-9F40-3840505D211F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AD03CDC-6E28-4FC5-AA47-DEF3236D1BF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5988247A-E212-4CA2-A798-E72008A3661F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F726D270-20BF-4F90-A84B-87299766F45C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D969EFD3-1DA9-4081-B160-E4EE6F6D9B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5A1F0B58-0956-4365-8ABA-97AEF8041598}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{832D7CE9-F140-4072-8A22-5517DAC1C879}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{0B520AD6-4A9C-4619-B0A6-AECFD6CE652E}C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{B63B0D33-97C9-402C-9395-8BA9EBB66E26}C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{35B83626-70B2-411E-8DCD-04A7B6921CA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E75D9322-35DF-4C9A-9DB1-94C84FC49572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{35E260E3-96CC-4439-80B7-0B0B46F1AFF4}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

System error 123 has occurred.

The filename, directory name, or volume label syntax is incorrect.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 75%
Total physical RAM: 4019.27 MB
Available physical RAM: 973.28 MB
Total Virtual: 7091.27 MB
Available Virtual: 3092.34 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.4 GB) (Free:237.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CEE1CD6E)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Sep 17, 2017

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

mom26gr8kids · Sep 21, 2017

Sorry for the delay, we have been having some family issues involving my daughter. Here is the Rogue Killer report. Will post the rest of the logs today.

RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : songe_000 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/21/2017 04:25:45 (Duration : 02:17:48)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer13.msn.com/?pc=ACJB -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 +++++
--- User ---
[MBR] 16fa9724b6154b3b8d320e9a2b22144b
[BSP] c9250c8a97be4eab352b593d4a764ee6 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 459163 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 942473216 | Size: 16748 MB
User = LL1 ... OK
User = LL2 ... OK

mom26gr8kids · Sep 21, 2017

Mbam log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/21/17
Scan Time: 8:06 AM
Log File: 185b7216-9ed6-11e7-bedd-f8a963dce7d1.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2855
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1358)
CPU: x64
File System: NTFS
User: MOMSPC\songe_000

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419317
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 51 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

mom26gr8kids · Sep 21, 2017

Adware cleaner
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 21 16:55:44 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1010 B] - [2017/9/21 16:53:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Broni · Sep 21, 2017

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

mom26gr8kids · Sep 21, 2017

The Junkware removal tool says that validating the restore point has failed, restore point creation encountered an error, but I can press any key to continue. Should I continue?

mom26gr8kids · Sep 21, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by songe_000 (21-09-2017 20:51:30)
Running from C:\Users\songe_000\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-21 02:13:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-634217685-3676121620-3412417090-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-634217685-3676121620-3412417090-503 - Limited - Disabled)
Guest (S-1-5-21-634217685-3676121620-3412417090-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-634217685-3676121620-3412417090-1003 - Limited - Enabled)
songe_000 (S-1-5-21-634217685-3676121620-3412417090-1001 - Administrator - Enabled) => C:\Users\songe_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.10.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
Ableton Live 9 Lite (HKLM-x32\...\{81C44E70-0F73-4BE5-B646-3C4F54C4F32A}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Trial (HKLM-x32\...\{300E84D8-F6D1-4B58-906F-7E41F34E6D42}) (Version: 9.0.0.0 - Ableton)
abMusic (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 3.01.2002.1 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.02.3002 - Acer Incorporated)
Acer Touch Tools (HKLM\...\{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}) (Version: 1.01.3001 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Aimersoft DRM Media Converter(Build 1.6.0.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version: - Aimersoft Software)
Alice Greenfingers 2 (HKLM-x32\...\BFG-Alice Greenfingers 2) (Version: - )
Aloha TriPeaks (HKLM-x32\...\WTA-a0c80ba3-d5c9-49c0-8d1e-2df82fa89bd3) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon Music (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 2: Town of the Year (HKLM-x32\...\BFG-Build-a-lot 2 - Town of the Year) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
COMODO Internet Security Premium (HKLM\...\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-66cb0f17-50fb-49ff-8924-bad585a1895e) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)
Doro 1.94 (HKLM-x32\...\Doro_is1) (Version: - CompSoft)
Fishdom 3 (HKLM-x32\...\BFG-Fishdom 3) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-068bedf7-38fc-4849-bcd3-6ca159b577c0) (Version: 2.2.0.110 - WildTangent) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.1 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Jojo's Fashion Show: World Tour (HKLM-x32\...\BFG-Jojo's Fashion Show - World Tour) (Version: - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Locklizard Safeguard - PDF Viewer (HKLM-x32\...\Locklizard Safeguard - PDF Viewer_sf) (Version: 2.6.41 - Locklizard Ltd.)
Luxor Evolved (HKLM-x32\...\WTA-3cb536ee-0c52-4c62-96d1-745290a647db) (Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (HKLM-x32\...\WTA-1ae77067-327d-44ce-8e91-ed114ced669a) (Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NoteBurner M4V Converter 4.0.2 (HKLM-x32\...\NoteBurner M4V Converter_is1) (Version: - NoteBurner Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-b8cce2f1-44d8-43e4-a1cd-08dd51375bc1) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-98f57e61-1788-4aad-8a81-305491c5a4cf) (Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7203 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.16.0 - Adlice Software)
Shop-N-Spree: Family Fortune (HKLM-x32\...\BFG-Shop-N-Spree Family Fortune) (Version: - )
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Tapestry of Grace Year 2 Digital Edition (HKLM-x32\...\Tapestry of Grace Year 2 Digital Edition) (Version: 2016.0325 - Lampstand Press)
Tapestry Year 3 (HKLM-x32\...\Tapestry Year 3) (Version: 2016.0325 - Lampstand Press)
Tapestry Year 4 (HKLM-x32\...\Tapestry Year 4) (Version: 2016.0328 - Lampstand Press)
The Chronicles of Emerland Solitaire (HKLM-x32\...\WTA-59102d9c-31c7-4943-bf3b-0e338ee507d7) (Version: 3.0.2.32 - WildTangent) Hidden
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #10 (HKLM-x32\...\ST6UNST #10) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #11 (HKLM-x32\...\ST6UNST #11) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #12 (HKLM-x32\...\ST6UNST #12) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #3 (HKLM-x32\...\ST6UNST #3) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #4 (HKLM-x32\...\ST6UNST #4) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #5 (HKLM-x32\...\ST6UNST #5) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #6 (HKLM-x32\...\ST6UNST #6) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #7 (HKLM-x32\...\ST6UNST #7) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #8 (HKLM-x32\...\ST6UNST #8) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) #9 (HKLM-x32\...\ST6UNST #9) (Version: - )
TranscriptPro for Umbrella Schools (C:\Program Files (x86)\TranscriptPro Umbrella\) (HKLM-x32\...\ST6UNST #2) (Version: - )
TranscriptPro for Umbrella Schools (HKLM-x32\...\ST6UNST #1) (Version: - )
Trinklit Supreme (HKLM-x32\...\WTA-021203c5-41b1-47d6-8e5e-24191ded62f1) (Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.20 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-634217685-3676121620-3412417090-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\4800\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-08] (Acer Incorporated)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2015-09-30] (Intel Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-28] (COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031368AD-69FA-42F5-9836-00FC1C7A6873} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)
Task: {036CC33F-9545-4394-9159-58C1BDED1546} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-09-20] (Acer Incorporated)
Task: {08FB1CFF-406B-4377-9C10-0364DEFA1615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D6B97AC-F2D2-4B8F-AB58-80CAC6B358AF} - System32\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001 => C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0EE31A40-E7F5-4430-9CF1-4F70BF3FFC88} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)
Task: {16E0EE90-DC55-4921-99FD-69262DB1C64A} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {1B9C1DD4-F810-42CE-8D2B-522648E10321} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-15] (Microsoft Corporation)
Task: {1BA8203E-D888-4C65-87EC-ECDC370FE4C7} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {1C73E622-8FD6-4270-B5CF-4102D8871ADF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {1CEFCF95-37A5-4291-9AC6-4E6FCCF21D9C} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2016-08-15] ()
Task: {1FD632AE-52AF-4024-B8A6-3BF3BC89FD46} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {267662B5-1367-4E02-9FC6-99CD0B27701E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-25] (TODO: <Company name>)
Task: {2E83424C-07B1-4CCF-A360-627134EE6F72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3546FB58-3758-4717-9B11-3E15CF872BA5} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-21] (Microsoft Corporation)
Task: {3B68FC16-40AF-4A9F-BB31-4339A32D20DD} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {475470D8-E6D8-4501-9B94-AD2F3077BA98} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {4D9A1146-9D5C-4B0D-9FCD-06BD35763CBB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {4EF31B12-97EE-4F2E-8B4A-BFFD3EF0D167} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {50398683-5D96-46F5-BE56-83CC74209A4D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-17] ()
Task: {555A5627-076E-40FC-8957-D0FECA9D6473} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-17] (Microsoft Corporation)
Task: {56F5CB9E-9FFD-4AC7-9CC5-52A809E8A239} - System32\Tasks\Screen Grasp GestureDetection => C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe [2013-12-19] (Acer Incorporated)
Task: {575997F7-92DC-4DF0-B93A-8B443BA4BA4C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5C73D677-93C1-4193-AEC4-C4A920B0BB9B} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-28] (COMODO)
Task: {5DE19AE0-A353-4BEB-A50D-83D2898D0D47} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\songe_000\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {65CB0CBC-62D9-46E8-AC63-0E1828D6EE45} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)
Task: {6940B4D4-539C-4B45-A9EE-54B4DA9C94B9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-21] (Microsoft Corporation)
Task: {78D748B5-11E1-4D10-8558-6156ABB6A2EF} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {7DB3C51D-D6F0-4E26-8ECF-96AA4CCC4620} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-12-19] (Acer Incorporated)
Task: {82327D8E-CE75-415E-82FC-6E8D6690898E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)
Task: {9062A850-12C3-4B78-A7DB-D427C0C60BF2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-21] (Microsoft Corporation)
Task: {9244C2CD-693F-412E-ACB3-57FDED784C3E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-17] ()
Task: {9876CF94-3A85-4133-AD1A-8B3CF2130063} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-12-19] (Acer Incorporated)
Task: {9EA36F30-FFFE-41AC-B3AB-EB24FE697E7E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-21] (Microsoft)
Task: {B580204D-33E3-49C4-8293-31890B0C45A8} - System32\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001 => C:\Users\songe_000\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C1CFA249-4E02-41A9-8FA5-F7389F095C90} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-28] (COMODO)
Task: {C2BA6F5F-9916-4677-A62B-57CADF6CEC06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {C7C30F43-94AF-4101-BA90-E6E7A4A132F4} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)
Task: {D8E0E458-1F44-4E78-B1BF-AFF9AEB4786F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {D980A4CB-AA1C-4A00-BD09-85C5066B5BB0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-21] (Microsoft Corporation)
Task: {DAF6F28D-397E-4D0C-AD0B-31F5D75362D1} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-08-28] (COMODO)
Task: {DB303A6B-CD41-4A6C-A37A-3438AFD28708} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {DFC1478C-747E-4EAD-94AB-66815E81BAA2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-20] (Acer)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001.job => C:\Users\songe_000\AppData\Local\GoToMeeting\7495\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001.job => C:\Users\songe_000\AppData\Local\GoToMeeting\7495\g2mupload.exe

mom26gr8kids · Sep 21, 2017

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-07 18:00 - 2017-06-03 04:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-11-26 23:53 - 2014-06-26 20:10 - 000595456 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 04:27 - 2012-04-24 04:43 - 000254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-12-18 17:02 - 2013-12-18 17:02 - 000124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 17:02 - 2013-12-18 17:02 - 000054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2017-09-21 08:04 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-24 09:24 - 2017-09-17 04:48 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-07-31 04:34 - 2014-01-03 15:13 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-12-28 00:16 - 2017-08-28 22:56 - 000244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2015-09-30 21:39 - 2015-11-29 22:32 - 000415128 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-20 17:11 - 2016-09-20 17:11 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 23:50 - 2017-03-14 23:50 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 23:51 - 2017-03-14 23:51 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-07-07 18:00 - 2017-06-03 02:47 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-07-07 18:00 - 2017-06-03 02:47 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-07 18:00 - 2017-06-03 02:51 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-28 00:17 - 2017-08-28 22:57 - 000156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-08-28 23:34 - 2017-05-09 03:05 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-08-28 23:34 - 2017-05-09 03:05 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-08-15 15:24 - 2016-08-15 15:24 - 001769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2017-08-28 16:57 - 2017-08-23 02:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 16:57 - 2017-08-23 02:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-12-28 00:16 - 2017-08-28 22:55 - 000107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-03-16 10:25 - 2017-07-20 09:03 - 000073920 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-07-31 04:02 - 2013-10-01 03:09 - 000078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin99ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoi5C12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkins5C12.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]

mom26gr8kids · Sep 21, 2017

AlternateDataStreams: C:\WINDOWS\SysWOW64\ac3filter.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iconv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xvid.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VirtualAudio1.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB [460]
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271 [229]
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD [194]

mom26gr8kids · Sep 21, 2017

AlternateDataStreams: C:\Users\songe_000\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\almedia-converter_full351.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter-plus.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\RS TEXAS Rsources.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\Setup.X86.en-US_O365HomePremRetail_0c7d5447-a8b2-4030-b6eb-1526a3c73fb2_TX_PR_.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\sharepoint.com -> hxxps://studentcccsedu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\songe_000\Pictures\desktop wallpaper\spring-flowers-growing-1366x768-13141629.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00236EC4-B65A-40A4-A24F-F3E873934C15}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{2024B434-269F-4F96-8A9E-BC29D2116955}] => (Allow) C:\Program Files (x86)\Acer\abMusic\WindowsUpnpMV.exe
FirewallRules: [{57AE1212-BECB-49B5-9031-5B746C6A1619}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{D1A9301C-E3E4-434A-8082-E052D833D6D7}] => (Allow) C:\Program Files (x86)\Acer\abMusic\DMCDaemon.exe
FirewallRules: [{11BFEBD7-9DE0-4224-B213-631A3ACCDE70}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{ABA8D62E-80BA-4575-B8C1-5EE854EEE873}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C2DF89AD-13A8-46C2-B844-4DCD20ADFA9F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C126C04E-B406-446D-AE77-BB740DBCD0E0}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3AB8CC6A-C717-46B7-B02F-04EC2D30F3D0}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{DEB2B719-34B1-4048-978D-DAD7C684F6CF}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{6205C4D2-344D-4018-91EC-FAF3F248C18A}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{A444437B-4F85-4F41-82F0-BC52DFE26483}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{C4246184-B078-4136-AEC0-71242368BFE7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AF759300-2CFA-4E92-AD98-B0387D63750E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{83EAA9C5-13AE-4379-8A7A-1A451DE149F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0CDEF45C-EBCE-40DD-A906-4D8A19357239}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{27BC92BA-C0DF-4F0A-B402-803DE4B8C650}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{A86C510D-1FBE-4A07-B7D3-6688972260BF}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{F06DBE26-DCDC-43DB-923B-84922C3D7501}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0F557B47-74C5-41DD-A6DF-EC7019C28C0A}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{622F8DA1-E917-4525-82F4-95CE89573A91}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{8583C492-5FAC-4950-B27D-85673B8A59F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C0A50D40-4FBC-4225-A75A-0F9FD9A3A385}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B845775-762B-40A0-BB1D-F61FDF22BB8A}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{34912F3A-F2D0-4438-9420-CC762555A183}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CEFCBC5D-294D-48FD-B250-9584842DE192}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{AB0F8975-BA91-45AA-8389-E538AF6033F3}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{79E8EE5B-0B90-4ED6-B332-9F3DFF41F7AF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{E0F07D32-362A-42ED-97E1-2A1D3865FFDD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{057DC14D-EFDB-4A07-A145-AA644A742B2D}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{3DD3649E-E7D5-4AED-9E4A-6833D37AFBD6}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{53C87CE3-47A8-4F93-B0BD-520F1A21B2B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{4BF74386-68AA-4104-ABA6-8F7D80142BB0}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0861019B-875B-4A10-9D3B-213164B67BA9}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{C243A41F-FBA1-4674-84FE-ECFDD2CBA840}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{81AD1F53-D770-4C1D-BA7A-4F2DCBA344FA}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{A8CC1775-D679-4C99-85EA-324560AA6292}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CBE73F58-AB6C-4FF7-A5AA-CB1EE0114910}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{B2CB0BF9-8ABF-4098-896C-D1D77F1FB73A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{8B489C99-EFED-4EA5-A3E4-669318A95753}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{D47B7414-60D1-4252-931D-6DE0E3B83698}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{CA212984-C696-49A8-AE50-B087954C39EE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A8573D83-3F62-4B63-8F72-25BC95DE1FE3}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{69446298-6357-443B-8251-DCABB696B4AB}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{1D67F0DF-34D4-447D-9440-263584BA3932}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{D9555367-7BFA-4AA6-982F-8B42357225FD}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{CBCD7F61-1B35-46F6-97EA-815F9F82BA58}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{83B83E5C-AAB5-4A6C-97F9-5164F9ED193C}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{8AAED861-7B16-459D-8ED6-13A33C8600CF}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{1F685178-EA4D-4AA3-BBF8-C4C8E20932B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88E207CF-08D8-4A64-8C9A-0D51CF4F3333}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6A1C400-85F1-4DC5-A059-AE2F3DF325DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1DD69A2-519A-4BB1-9F12-F578B2F4AA42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B16D34A-BDE4-4761-B960-83F3A988E93E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{087C7601-8720-45BD-8447-AD5254C91DAC}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F64A059C-30FF-41AD-A425-189CE24C68F4}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{487A07D8-3374-4DFD-AC5B-753AF1596829}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{292AC2E5-5F18-4EAD-AC73-EC05D8D2695C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{0797C174-7686-488C-A944-2D4C77F4FC79}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{862EF299-342E-4255-98EC-89B02044CF19}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{DAB56AD2-B2EA-4BFB-8CCB-217F67022528}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{AAC31940-E5C7-468A-9E3F-65F4F9845731}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C03B7854-7BAD-486C-A091-8C8C8997D418}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4E897D40-E6AC-4B6E-BA94-1DAE00C4E192}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{B049E71A-59E5-42B7-AD7D-2F1F556BD488}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6ED28BD2-A969-4B35-8E12-BB80B9605C17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{6F633001-09A5-4859-8FA0-D6D5803D4DA5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A5F43AA4-DD7B-429A-9C28-5A4193D66627}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{42D6CA32-D9D2-41D9-B7CE-4F2FC9D9A83C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{318CECFA-D32D-48AB-8A81-CE985D8CE539}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2BB3DBE6-91AB-46E8-AF0C-BF4A7B0CA04B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{5B522B84-DF1F-4CE2-B113-8C1F69F32FE5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{D5F409BF-8A9F-47D0-802D-116B76665B69}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{D9ADAFBA-88C9-4225-BE10-12F894082EFA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1ABA8D1C-3966-42E8-9FD7-438F94A46FA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{D3C689FC-2F31-43D7-BC1D-23548AC10842}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{646F6972-AA14-4723-8192-E52D82C4F992}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1343D175-4BF6-4E90-90AB-E56BA1F2311C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{99C2F080-43BB-4DF9-81E5-219381284ACE}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1B3683A4-B449-4D6C-9252-72E7DA494F9E}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{BAF9A487-642E-4D99-A217-EF9A8052C634}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1624C5C2-8284-447E-8853-6712189171CC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EC87B11F-1667-4B5F-BA70-4048A7E23BF8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{814D7CDE-92D7-45B9-8016-26E503FEB4F2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{24DD4180-2FF4-4489-BECC-A0B75990A875}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9AA4F94A-35B8-46DA-8F3C-D4D3CA2B97E6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3ED60866-5EE2-4382-A788-2648A03216E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2AC5E4CE-DF7B-48F4-AB50-B0E882C3BD2D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{01E8A7C1-B69E-4D61-B528-95F1933452BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{5C24F2A6-8FB8-4736-A723-D9091A00F642}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{F3EBBBFF-1560-466C-991B-B6B05B6CDD37}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{43A9D858-8EB2-4D2C-B546-D9A8C65688BC}] => (Allow) C:\Users\songe_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9C81E31D-1FB0-4BB3-9824-BD5F22CC185D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{F056919F-1BA2-40C4-A168-9935E4BB2796}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{1B6E200F-3865-4F73-BBD8-DEC53F29D2E3}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{98B2DFB3-C03F-4223-BE51-B86487471B09}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{138FFF1D-F20C-4F6A-86D9-1307290C51AD}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DFCEACDA-092A-4A55-9942-549F974C3D65}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{31741EF3-A886-45A4-B92A-4CF5E85C1670}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{678003C3-8AF4-4AB3-B4FC-93EBC73AE2C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{C8098A4A-FD4B-4EA1-85EA-A2F49F0CA64A}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B31AB466-2234-4560-B053-C049F02D302C}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{F8993880-EC36-42EF-9B25-80ADAD21190D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{F4C2A124-642A-4F35-8FBF-A47FC3A87F11}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7507D646-3A42-48AC-9AFF-82492AAD5A86}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0C13D7C8-AF0F-4385-AA5D-BD2CA1E2FA91}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{D704FC1F-E959-4AA0-8E68-4026A5E9CBC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{4A00C396-E7AA-4FAD-A457-08B98729E84F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{70ED23CC-346C-4872-AEF6-379805B432EC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AB86E766-0963-44A5-8C40-26722B898A2A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2519A1DF-B16D-4C73-BC42-254711584A0E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B59ECFBB-80F4-42E6-B9DF-E44F03F2A553}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B8011E13-D5D2-4555-8605-4B1478491DB1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{40C74F0B-5914-4B66-B921-060B7B04F9DD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4EF4DADA-E14F-4EE5-905B-AAD1F2E946BE}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0383FCA1-B573-4107-81E6-C5289D3B30B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C8B6E443-CE15-4E1B-A9BB-FBE5A40CA136}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FFC80977-D188-4634-9A80-E942AFA506BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{5689A824-1CDF-4C15-A3DD-E844711E7A04}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{D58E4BCB-4548-4680-BD8B-511FC992C02E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{E86F153E-1082-4DF0-A826-22F276BA7A61}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{0A490A81-03F1-429D-BFAE-F890253976EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{F90A2635-C6AE-4489-86E2-A6CEEC3EB240}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{83F4D3FF-0047-4F0E-95F6-7F059EBF6C23}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{A21E2346-4210-4911-A270-F994A7970F37}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{202E60DA-C480-48FA-8BEE-9D749454ADFA}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{42EFD9D8-A1F5-4E06-BF93-EDD086F877BF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B2D43925-0DB1-4E26-BA48-4FA49613FEC6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{00812894-7509-42B8-80BA-90B1A5436DB4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{50C116BE-F057-435A-AB21-2AAAA556FD90}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{502BD199-955F-40B5-B834-8751A00D075E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A72FBB1-2786-417C-B83E-37F759C34E73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{970CE1B8-1AD2-461B-AF8E-C33665CBEEE5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8F81D309-ED55-470A-9D8C-465E9F3DD7C1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8C9111E4-07A7-4DAF-9098-BE8D8531E712}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{7C18D753-D319-40DB-88DF-FC30211EFE99}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{52B38A9A-D8E1-46FD-A5C1-2DED45F967ED}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{0A5D90D3-4F76-481B-81BE-3A291F5B0B4B}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1FC0E619-31F8-428F-AD1A-930CC31C717F}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{5717E7B9-B007-4D32-8AD8-1E2E19BFD452}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{06F41FA4-6B70-4D01-9E36-7C35D035D955}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{B69D2AA8-482F-4F43-90BF-298A5C6FB808}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C6B1CE5F-0453-4F16-B4B7-BC8689D26F72}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D87CA709-90E4-48BF-9F19-B220C41E2014}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{B653A0BE-8BE3-4045-A586-0D322D749C06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0046F486-9951-45ED-AEB5-922FDA7EBC97}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BA4D898-8827-4D69-A194-2D34845A922D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F0A48ABC-ABC8-4A8C-99A3-72E673F17979}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ABC073FC-B542-4D13-B674-C3BD30616FEF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{834784A6-B596-4244-A361-92BF06F7F38E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{60027485-8FB9-453D-ADD5-50165E3FB923}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{11BAD5E6-E6DD-462B-83E9-07787B02D14D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{79E280B7-CC71-4947-B446-A56CF06FF8B6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{22BF4FE2-81AB-44F7-83B1-A4298744F4DC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{AD96EC36-0882-4125-8E38-86BA094E515D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{893EC21B-B9C3-43B4-9F6F-BB9AC9D30E17}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C1082CBF-EEED-42D7-B1BF-AC353933445F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1A4C59F0-9084-4B6E-BD77-C7ED087523B9}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4C0CEC6D-A1C1-4793-B02B-71549A0D12DA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{050B935D-809B-4699-87B2-C2522F3BE30E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D57E921A-2B52-4030-873A-ED24230B865C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{C2925A1C-1A29-49CB-8809-DA8BAAC86911}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1BACC9CB-EF38-47D7-B0B8-8E14E4D5C752}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{F9A050DB-DC5C-475F-8A1F-BE4A9F0A2CCA}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{108F4A87-3C16-4038-80FB-69A54E83F113}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{16695FC9-695C-43E3-90AD-8634B496298C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EF7E8372-6421-4F28-9BF8-4846F7D4ACBC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{EF253CD6-7D3E-4BFA-AEE1-7809108E9827}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{302E624F-1143-4E7F-9EB5-AB3ABA4788D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{A2B33C06-38FB-4CAE-840E-20986BD50D95}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [TCP Query User{FCAF4C16-D0DA-4F62-B702-7C460D5FE5CC}C:\users\songe_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\songe_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B2CCB2C9-DAF0-4B4B-A71D-B8A362388FF7}C:\users\songe_000\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\songe_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FD83F711-2701-4CA0-80D7-96FF5464703B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD620598-A759-44CA-9F40-3840505D211F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AD03CDC-6E28-4FC5-AA47-DEF3236D1BF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5988247A-E212-4CA2-A798-E72008A3661F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F726D270-20BF-4F90-A84B-87299766F45C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D969EFD3-1DA9-4081-B160-E4EE6F6D9B16}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{5A1F0B58-0956-4365-8ABA-97AEF8041598}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{832D7CE9-F140-4072-8A22-5517DAC1C879}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{0B520AD6-4A9C-4619-B0A6-AECFD6CE652E}C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{B63B0D33-97C9-402C-9395-8BA9EBB66E26}C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\songe_000\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{35B83626-70B2-411E-8DCD-04A7B6921CA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E75D9322-35DF-4C9A-9DB1-94C84FC49572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{35E260E3-96CC-4439-80B7-0B0B46F1AFF4}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

12-09-2017 01:35:16 Windows Update
17-09-2017 02:24:22 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel(R) Serial IO I2C Host Controller - 9C62
Description: Intel(R) Serial IO I2C Host Controller - 9C62
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSSi_I2C
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2017 08:36:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (09/21/2017 08:34:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/21/2017 08:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327897
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x24a0
Faulting application start time: 0x01d3334862258945
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: e7e61ed5-ae3d-41e8-9ead-5be10931c0dd
Faulting package full name:
Faulting package-relative application ID:

Error: (09/21/2017 08:13:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/21/2017 08:13:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327897
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x31c0
Faulting application start time: 0x01d333482c263b4e
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7a9e673a-341f-4a71-92da-2e41a4cef210
Faulting package full name:
Faulting package-relative application ID:

Error: (09/21/2017 08:13:15 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/21/2017 08:12:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (09/21/2017 04:13:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327897
Exception code: 0xe0434352
Fault offset: 0x0000000000033c58
Faulting process id: 0x2bac
Faulting application start time: 0x01d33326db32ad29
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 64bed7b2-67ac-484d-ab57-7537eebf0de7
Faulting package full name:
Faulting package-relative application ID:

Error: (09/21/2017 04:13:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
at System.Xml.XmlDocument.Load(System.String)
at updater.Report.AddFPToResult(updater.Result)
at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
at updater.DownloadMgr.DownloadFile(System.String, System.String)
at updater.DownloadMgr.Worker(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (09/21/2017 03:29:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmdagent.exe, version: 10.0.1.6294, time stamp: 0x59a48eea
Faulting module name: cmdagent.exe, version: 10.0.1.6294, time stamp: 0x59a48eea
Exception code: 0xc0000409
Fault offset: 0x00000000004d11c0
Faulting process id: 0x1a68
Faulting application start time: 0x01d33318c85bb78f
Faulting application path: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Faulting module path: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
Report Id: a7370bc1-e921-482b-a081-d9be397fe885
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (09/21/2017 08:17:49 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:45 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:35 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:31 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:17:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/21/2017 08:14:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-09-21 15:30:08.626
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 14:33:20.704
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 11:07:44.438
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 11:07:38.681
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 08:05:39.517
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-09-21 07:50:43.401
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 07:14:02.583
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 06:55:07.706
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 06:46:04.833
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-09-21 04:23:44.605
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 79%
Total physical RAM: 4019.27 MB
Available physical RAM: 827.3 MB
Total Virtual: 7091.27 MB
Available Virtual: 3412.08 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.4 GB) (Free:236.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CEE1CD6E)

Partition: GPT.

==================== End of Addition.txt ============================

mom26gr8kids · Sep 21, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by songe_000 (administrator) on MOMSPC (21-09-2017 20:44:56)
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 (Available Profiles: songe_000)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\songe_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Amazon Services LLC) C:\Users\songe_000\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Users\songe_000\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileCoAuth.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Malwarebytes) C:\Users\songe_000\Downloads\JRT (1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1489088 2017-08-28] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-09] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2014-12-19] (CompSoft)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2016-08-15] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-11-18] (Apple Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-07] (COMODO)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Users\songe_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-28] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-05-09] (Apple Inc.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify] => C:\Users\songe_000\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Amazon Music] => C:\Users\songe_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{dee13008-c737-4ac5-9444-f2960207d42f}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default [2017-09-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2lsg6gue.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\2lsg6gue.default -> Google
FF Keyword.URL: Mozilla\Firefox\Profiles\2lsg6gue.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
FF Extension: (Avira Browser Safety) - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com.xpi [2017-07-17]
FF Extension: (WOT) - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2017-07-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-04]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @citrixonline.com/appdetectorplugin -> C:\Users\songe_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-03] (Unity Technologies ApS)

mom26gr8kids · Sep 21, 2017

Chrome:
=======
CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-07-11]
CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-09-20] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10501616 2017-08-28] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-08-28] (COMODO)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-06-30] (Hewlett-Packard Company)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370064 2015-11-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-07] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40968 2017-08-08] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [827864 2017-08-08] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-08-08] (COMODO)
R3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2016-09-20] (CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-10-12] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [132904 2017-08-08] (COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R3 WsAudio_Device(1); C:\WINDOWS\system32\drivers\VirtualAudio1.sys [31080 2016-05-16] (Wondershare)
S3 iaLPSSi_GPIO; \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys [X]
S3 iaLPSSi_I2C; \SystemRoot\System32\drivers\iaLPSSi_I2C.sys [X]
S0 iaStorAV; System32\drivers\iaStorAV.sys [X]
S0 iaStorV; System32\drivers\iaStorV.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 20:44 - 2017-09-21 20:48 - 000022429 _____ C:\Users\songe_000\Downloads\FRST.txt
2017-09-21 20:44 - 2017-09-21 20:44 - 000000000 ____D C:\Users\songe_000\Downloads\FRST-OlderVersion
2017-09-21 14:42 - 2017-09-21 14:42 - 000000000 ___HD C:\$WINDOWS.~BT
2017-09-21 11:10 - 2017-09-21 20:32 - 001790024 _____ (Malwarebytes) C:\Users\songe_000\Downloads\JRT (1).exe
2017-09-21 10:46 - 2017-09-21 10:47 - 008182736 _____ (Malwarebytes) C:\Users\songe_000\Downloads\AdwCleaner (1).exe
2017-09-21 10:44 - 2017-09-21 10:44 - 000001242 _____ C:\Users\songe_000\Desktop\mbamlog.txt
2017-09-21 08:05 - 2017-09-21 20:14 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 08:05 - 2017-09-21 10:59 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-21 08:05 - 2017-09-21 10:58 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 08:05 - 2017-09-21 10:58 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-21 08:05 - 2017-09-21 08:05 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-21 08:04 - 2017-09-21 08:04 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-21 08:04 - 2017-09-21 08:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-21 08:04 - 2017-09-21 08:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-21 08:04 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-21 08:03 - 2017-09-21 08:03 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-21 04:25 - 2017-09-21 04:25 - 000000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-21 04:23 - 2017-09-21 04:24 - 035884000 _____ (Adlice Software ) C:\Users\songe_000\Downloads\RogueKiller_setup_ref3.exe
2017-09-17 15:54 - 2017-09-21 20:44 - 000000000 ____D C:\FRST
2017-09-17 15:53 - 2017-09-21 20:44 - 002399744 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
2017-09-12 01:06 - 2017-09-12 01:06 - 000067293 _____ C:\Users\songe_000\Documents\GraceLloyd.pdf
2017-09-12 00:15 - 2017-09-12 00:20 - 000026703 _____ C:\Users\songe_000\Downloads\Grace Transcript (1).xlsx
2017-09-12 00:14 - 2017-09-12 01:26 - 000066365 _____ C:\Users\songe_000\Documents\KaeleyEagle.pdf
2017-09-12 00:14 - 2017-09-12 00:19 - 000026703 _____ C:\Users\songe_000\Downloads\Grace Transcript.xlsx
2017-08-30 22:42 - 2017-08-03 23:31 - 001564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 001214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-08-30 22:42 - 2017-08-03 23:31 - 000096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-08-30 22:42 - 2017-08-03 23:31 - 000034656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-08-30 22:42 - 2017-08-03 22:26 - 000192864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-08-29 12:07 - 2017-08-29 12:07 - 000063458 _____ C:\Users\songe_000\Documents\JacksonSeidler.pdf
2017-08-29 12:00 - 2017-08-29 12:00 - 003816483 _____ C:\Users\songe_000\Downloads\Jackson Seidler Gradebook 2016-2017.pdf
2017-08-28 23:41 - 2017-08-28 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-08-28 23:39 - 2017-08-28 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-28 23:38 - 2017-08-28 23:39 - 000000000 ____D C:\Program Files\iPod
2017-08-26 20:35 - 2017-08-26 20:35 - 000026849 _____ C:\Users\songe_000\Downloads\customPage41005 (3).xlsx
2017-08-25 11:17 - 2017-08-25 11:18 - 001616527 _____ C:\Users\songe_000\Downloads\att.pdf
2017-08-24 12:09 - 2017-08-24 12:09 - 000561602 _____ C:\Users\songe_000\Downloads\Homeschool-Attendance-Record-2017-2018 (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 20:44 - 2017-03-16 23:52 - 000094140 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-09-21 20:44 - 2017-03-16 23:12 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-09-21 20:30 - 2014-10-22 21:58 - 000000000 ____D C:\Users\songe_000\AppData\Local\Packages
2017-09-21 20:11 - 2016-09-20 15:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-21 15:28 - 2016-07-16 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-21 14:43 - 2016-09-20 17:15 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-21 13:34 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-21 11:01 - 2014-10-22 23:43 - 000000000 ____D C:\Users\songe_000\AppData\Local\Spotify
2017-09-21 10:58 - 2016-09-20 15:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-21 10:58 - 2014-10-22 21:58 - 000000000 __SHD C:\Users\songe_000\IntelGraphicsProfiles
2017-09-21 10:57 - 2016-09-20 18:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-21 10:56 - 2016-09-20 15:25 - 000000000 ____D C:\Users\songe_000
2017-09-21 10:56 - 2016-07-16 00:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-09-21 10:55 - 2017-03-16 00:21 - 000000000 ____D C:\AdwCleaner
2017-09-21 08:04 - 2015-02-02 22:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-21 08:04 - 2015-02-02 22:20 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-21 07:56 - 2016-07-16 05:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-21 04:25 - 2017-03-09 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-21 04:25 - 2017-03-09 21:15 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-21 04:25 - 2015-02-03 22:24 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-21 04:20 - 2014-10-22 23:43 - 000000000 ____D C:\Users\songe_000\AppData\Roaming\Spotify
2017-09-18 14:53 - 2014-07-31 04:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-18 14:46 - 2014-10-22 22:01 - 000000000 __RDO C:\Users\songe_000\OneDrive
2017-09-17 02:53 - 2014-10-25 19:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-17 02:26 - 2014-10-25 19:59 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-16 21:10 - 2016-02-09 16:32 - 000066078 _____ C:\Users\songe_000\Documents\JustinSonger.pdf
2017-09-16 20:50 - 2016-07-16 05:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-14 18:45 - 2017-07-19 17:48 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-634217685-3676121620-3412417090-1001
2017-09-14 18:45 - 2015-11-30 02:22 - 000002415 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-14 18:42 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-14 18:42 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-10 13:14 - 2016-07-16 05:45 - 000000000 ____D C:\WINDOWS\INF
2017-09-10 13:08 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-08 19:48 - 2017-03-16 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2017-09-08 19:48 - 2014-10-22 23:07 - 000000000 ____D C:\ProgramData\Comodo
2017-09-08 16:35 - 2016-07-16 05:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-07 10:44 - 2015-11-30 01:41 - 001445410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-06 18:29 - 2015-06-09 18:43 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-05 13:01 - 2016-07-16 05:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-05 13:01 - 2016-07-16 05:49 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-28 23:53 - 2015-11-21 23:02 - 000064724 _____ C:\Users\songe_000\Documents\KaitlynCarlson.pdf
2017-08-28 23:39 - 2017-06-24 12:23 - 000000000 ____D C:\Program Files\iTunes
2017-08-28 22:59 - 2016-12-28 00:20 - 000051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-08-28 22:59 - 2016-12-28 00:19 - 000939144 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-08-28 22:59 - 2016-12-28 00:19 - 000731344 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-08-28 22:57 - 2016-12-28 00:17 - 000457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-08-28 22:55 - 2016-12-28 00:15 - 000363712 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-08-28 20:59 - 2017-02-05 18:39 - 000000000 ____D C:\Users\songe_000\AppData\LocalLow\Mozilla
2017-08-28 16:57 - 2016-11-27 21:58 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-28 16:57 - 2014-10-22 22:11 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 16:57 - 2014-10-22 22:11 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 16:52 - 2016-05-11 16:55 - 000000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-634217685-3676121620-3412417090-1001.job
2017-08-28 16:52 - 2016-05-11 16:55 - 000000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-634217685-3676121620-3412417090-1001.job
2017-08-28 16:52 - 2014-11-09 14:57 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-28 09:39 - 2016-02-09 22:06 - 000064246 _____ C:\Users\songe_000\Documents\DoranLee.pdf
2017-08-28 09:20 - 2017-07-13 23:44 - 000000000 ____D C:\Users\songe_000\AppData\Local\GoToMeeting

==================== Files in the root of some directories =======

2017-03-14 13:58 - 2017-03-14 13:58 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
2017-09-21 04:25 - 2016-12-12 18:11 - 001886344 _____ (Microsoft Corporation) C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll
2017-03-30 23:58 - 2017-07-14 18:52 - 004113960 _____ (COMODO) C:\Users\songe_000\AppData\Local\Temp\ise_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-17 16:32

==================== End of FRST.txt ============================

Broni · Sep 22, 2017

The Junkware removal tool says that validating the restore point has failed, restore point creation encountered an error, but I can press any key to continue. Should I continue?

Yes.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

mom26gr8kids · Sep 24, 2017

I have attempted to run the JRT twice today. Both times it got to the process files (or something like that) and then it just disappeared from the screen. No log was produced. I waited for a while to see if it would come back up but it did not, so then I ran it again. And both times after running it my system has needed a re-start. The first time it got stuck on the restart screen and needed a hard reboot, which I think it will this time as well. It is currently stuck on the restarting screen.

I have not yet downloaded the fix for FRST because the computer is running slow and my internet browsers are not loading. I keep getting unresponsive pages. Once I get it to reboot I will download the fix and see if that solves the problem. Let me know if there are any other steps you would like me to take.

mom26gr8kids · Sep 24, 2017

Fixlog text
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by songe_000 (24-09-2017 21:42:42) Run:1
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 (Available Profiles: songe_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin99ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoi5C12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkins5C12.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]

mom26gr8kids · Sep 24, 2017

AlternateDataStreams: C:\WINDOWS\SysWOW64\ac3filter.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iconv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xvid.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\point64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\VirtualAudio1.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:7A2101AB [460]
AlternateDataStreams: C:\ProgramData\Temp:BAC2F271 [229]
AlternateDataStreams: C:\ProgramData\Temp

DEB08FD [194]
AlternateDataStreams: C:\Users\songe_000\Downloads\AdwCleaner.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\almedia-converter_full351.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\MaxUninstaller_Setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter-plus.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\songe_000\Downloads\noteburner-m4v-converter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\RS TEXAS Rsources.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\songe_000\Downloads\setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\songe_000\Downloads\Setup.X86.en-US_O365HomePremRetail_0c7d5447-a8b2-4030-b6eb-1526a3c73fb2_TX_PR_.exe:$CmdTcID [64]
S3 iaLPSSi_GPIO; \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys [X]
S3 iaLPSSi_I2C; \SystemRoot\System32\drivers\iaLPSSi_I2C.sys [X]
S0 iaStorAV; System32\drivers\iaStorAV.sys [X]
S0 iaStorV; System32\drivers\iaStorV.sys [X]
2017-03-14 13:58 - 2017-03-14 13:58 - 000000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-09-21 04:25 - 2016-12-12 18:11 - 001886344 _____ (Microsoft Corporation) C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll
2017-03-30 23:58 - 2017-07-14 18:52 - 004113960 _____ (COMODO) C:\Users\songe_000\AppData\Local\Temp\ise_installer.exe

mom26gr8kids · Sep 24, 2017

*****************

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
C:\WINDOWS\regedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\splwow64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\accountaccessor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aclui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActionCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActiveSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aitstatic.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\appinfo.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ApplicationFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXApplicabilityBlob.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioEng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AUDIOKSE.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioSrvPolicyManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AuthHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\basecsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcdedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdesvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdeui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdeunlock.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BitLockerDeviceEncryption.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BluetoothDesktopHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BootMenuUX.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bootux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BrowserSettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BthRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpusersvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cemapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\certprop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CfgSPCellular.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ci.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ClipUp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cmintegrator.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin97ip.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\coin99ip.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ConsoleLogon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CspCellularSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\D3D12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dab.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DafPrintProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DataSenseHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DavSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ddrawex.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceEnroller.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DevicePairingFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceReactivation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dfp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DfpCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dialserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\difx64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\discan.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Display.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DMRServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dns-sd.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dnsrslvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\domgmt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DPTopologyApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DPTopologyAppv2_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dsregcmd.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DuCsps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dui70.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DXP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EAMProgressHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\easwrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditionUpgradeHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditionUpgradeManagerObj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EDPCleanup.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EncDec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\energy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseAPNCsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ExSMime.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\facecredentialprovider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Family.Authentication.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ffbroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhcfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhsettingsprovider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FrameServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveapibase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fvenotify.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GamePanelExternalHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GEARAspi64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GfxUIEx.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Gfxv2_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Gfxv4_0.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hpinkcoi5C12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hpinkins5C12.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\HttpsDataSource.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvloader.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvloader.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icfupgd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icsvcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IdCtrls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\igfxSDK.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\imapi2fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IntelCpHDCPSvc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IntelWiDiUMS64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\internetmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iphlpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ipnathlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iprtrmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KnobsCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KnobsCsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ListSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lpremove.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lsm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\main.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\manage-bde.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapsStore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MCCSEngineShared.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MDMAppInstaller.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFCaptureEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mmc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\modernexecserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\moshost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\moshostcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MPSSVC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSAudDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mscandui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctfui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSPhotography.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssitlb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssph.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssphtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssvp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msutb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msvcp120.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVideoDSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msxml3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MultiDigiMon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ncsi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netiohlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netplwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nettrace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkDesktopSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkUXBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NfcRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NgcCtnr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NgcCtnrGidsHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nlasvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nltest.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NotificationController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\offlinesam.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\OnDemandConnRouteHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pcasvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PCPTpm12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PhotoScreensaver.scr => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PimIndexMaintenance.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Pimstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pnidui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PrintRenderAPIHost.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\profsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\provengine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\provops.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ProvPluginEng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ProvSysprep.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PsmServiceExtHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\qmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RADCUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rascustom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasgcw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RelPost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\remoteaudioendpoint.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ReportingCSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\reseteng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RjvMDMConfig.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RMapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rshx32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\samsrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ScDeviceEnum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\scksp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdengin2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdshext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchFilterHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SecConfig.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Sens.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SensorDataService.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SensorService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_Flights.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SHCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shdocvw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\skci.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SpeechPal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\spoolsv.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppnp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppsvc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppwinob.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SRH.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SRHInproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\StorSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sud.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SyncCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\systemreset.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Tabbtn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tabcal.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TabletPC.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\taskbarcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tbauth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\timedate.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TokenBrokerCookies.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TpmTasks.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinui.pcshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tzautoupdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ubpm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\uDWM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIRibbon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\umpoext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usbaaplrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usbmon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserDataService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserLanguagesCpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usoapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UtcResources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VEStoreEventHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vmrdvcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vpnike.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VPNv2CSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vssapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wbiosrvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wcmsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wcnwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wc_storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\werconcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\werui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wevtsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wifinetworkmanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wifitask.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Cortana.Desktop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Cortana.OneCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.Vpn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Storage.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Shell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wkssvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WlanMediaManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlansec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlansvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlanui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlidprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVDECOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFolders.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkfoldersControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFoldersGPExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFoldersShell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\workfolderssvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Wpc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcMon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcRefreshTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcTok.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpnprv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmWmiPl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wups.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanconn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanmm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwansvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblAuthManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblGameSaveExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XboxNetApiSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XInputUap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\zipfldr.dll => ":$CmdTcID" ADS could not remove.

mom26gr8kids · Sep 24, 2017

C:\WINDOWS\SysWOW64\ac3filter.ax => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\accountaccessor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\aclui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AUDIOKSE.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AuthExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\azroleui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\basecsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BrowserSettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cemapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ClipboardServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3D12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d8.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DafPrintProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DavSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ddrawex.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dns-sd.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dtdump.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\findnetprinters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GEARAspi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iconv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\imapi2fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iprtrmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LicenseManagerApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\main.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MCCSEngineShared.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mmc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mscandui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mscms.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctfui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSPhotography.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssitlb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssph.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssphtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssvp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msutb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msxml3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mtxclu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netiohlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offlinesam.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\OneDriveSetup.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PCPTpm12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PhotoScreensaver.scr => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Pimstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ProximityCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasgcw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rdpencom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\regedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\resutils.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\scksp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchFilterHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SHCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sud.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\systemcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tbauth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIRibbon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Unistore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\vssapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wcnwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinSCard.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winspool.drv => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlanui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlidprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WMVSENCD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Wpc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WPDShServiceObj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WsmWmiPl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XInputUap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xolehlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xvid.ax => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\afd.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\bowser.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\capimg.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\Classpnp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\clfs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\crashdmp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dam.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgmms2.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fastfat.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\http.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\hvsocket.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\iorate.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\IPMIDrv.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ks.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\MegaSas2i.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\modem.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mskssrv.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\nwifi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\partmgr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\pci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\pdc.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\point64.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ssudbus.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\storahci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\stornvme.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tcpipreg.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tpm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\usbaapl64.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\usbscan.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\VirtualAudio1.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vmbkmcl.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vmbkmclr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vpci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\wcifs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\WdiWiFi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\winhvr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\xboxgip.sys => ":$CmdTcID" ADS could not remove.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":7A2101AB" ADS removed successfully.
C:\ProgramData\Temp => ":BAC2F271" ADS removed successfully.
C:\ProgramData\Temp => "

DEB08FD" ADS removed successfully.
C:\Users\songe_000\Downloads\AdwCleaner.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\songe_000\Downloads\almedia-converter_full351.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\cispremium_installer.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\songe_000\Downloads\JRT.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\songe_000\Downloads\MaxUninstaller_Setup (1).exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\MaxUninstaller_Setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\mbam-setup-2.0.4.1028.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\mbar-1.08.3.1004.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\noteburner-m4v-converter-plus.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\noteburner-m4v-converter.exe => ":$CmdTcID" ADS could not remove.
"C:\Users\songe_000\Downloads\RS TEXAS Rsources.docx" => ":$CmdZnID" ADS not found.
C:\Users\songe_000\Downloads\setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\songe_000\Downloads\Setup.X86.en-US_O365HomePremRetail_0c7d5447-a8b2-4030-b6eb-1526a3c73fb2_TX_PR_.exe => ":$CmdTcID" ADS could not remove.
HKLM\System\CurrentControlSet\Services\iaLPSSi_GPIO => key removed successfully
iaLPSSi_GPIO => service removed successfully
HKLM\System\CurrentControlSet\Services\iaLPSSi_I2C => key removed successfully
iaLPSSi_I2C => service removed successfully
HKLM\System\CurrentControlSet\Services\iaStorAV => key removed successfully
iaStorAV => service removed successfully
HKLM\System\CurrentControlSet\Services\iaStorV => key removed successfully
iaStorV => service removed successfully
C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc => moved successfully
C:\Users\songe_000\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\songe_000\AppData\Local\Temp\ise_installer.exe => moved successfully

==== End of Fixlog 21:44:25 ====

Broni · Sep 25, 2017

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Solved Possible virus?

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Attachments

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 574 +0

Posts: 56,041 +516

Similar threads