﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Lukáš at 2014-12-30 16:53:44
Running from C:\Users\Lukáš\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Disabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 cs)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0a2 - Mozilla)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.5.8.2500 - Jan Fiala)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1830655461-561764797-2130743015-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll ()

==================== Restore Points  =========================

30-12-2014 16:47:03 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-12-30 16:47 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {7D4B26D4-DCDA-44D7-B44E-62A8E9BD39AD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)
Task: {823D2425-B769-4F5A-8916-E7CA4050DE14} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-12-17] (Synaptics Incorporated)
Task: {A4C79144-1E7F-471C-AFD8-ED2DB0612391} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-12-09] (COMODO)
Task: {B8F5086A-2806-4A8C-A7E5-0B7FBD3F90C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {C39EC9F8-D9E4-4917-96C3-A13F5D60C3DB} - System32\Tasks\Disk Cleanup => C:\Windows\System32\cleanmgr.exe [2014-09-24] (Microsoft Corporation)
Task: {F5BA363E-A660-4CFB-B0CA-5256BE232CB2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-12-09] (COMODO)

==================== Loaded Modules (whitelisted) =============

2014-12-14 12:43 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-22 19:57 - 2014-11-26 17:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IEAdvpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iexpress.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\imgutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lockscreencn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pngfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SynTPCo15.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WdfCoInstaller01009.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wextract.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IEAdvpack.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iexpress.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\imgutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\licmgr10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeedsbs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeedssync.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshta.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pngfilt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\SynTPCOM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdc.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\twinui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\url.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wextract.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\GEARAspiWDM.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\intelpep.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msgpioclx.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\NETwew00.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\SynTP.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vwififlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vwifimp.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Lukáš\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Lukáš\Desktop\beautiful_christmas_tree-1920x1080.jpg:$CmdTcID
AlternateDataStreams: C:\Users\Lukáš\Desktop\rufus-1.4.12.exe:$CmdTcID
AlternateDataStreams: C:\Users\Lukáš\Documents\Fedora-Live-Workstation-x86_64-21-5.iso:$CmdTcID
AlternateDataStreams: C:\Users\Lukáš\Documents\Win_7_32Bit.iso:$CmdTcID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1830655461-561764797-2130743015-1001\...\StartupApproved\Run: => "SandboxieControl"

========================= Accounts: ==========================

Administrator (S-1-5-21-1830655461-561764797-2130743015-500 - Administrator - Disabled)
Guest (S-1-5-21-1830655461-561764797-2130743015-501 - Limited - Disabled)
Lukáš (S-1-5-21-1830655461-561764797-2130743015-1001 - Administrator - Enabled) => C:\Users\Lukáš

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 04:47:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {35b74424-a702-425e-b9dc-35f31026c1a8}

Error: (12/29/2014 03:20:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11fc

Start Time: 01d02371dcb213a8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: d28a94b1-8f65-11e4-8262-2089842e628c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/29/2014 01:15:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1524

Start Time: 01d022f9da358e71

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: cdf03c0f-8eed-11e4-8262-2089842e628c

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/29/2014 01:01:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 127c

Start Time: 01d022f4a13549d1

Termination Time: 205

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: dbf290c8-8eed-11e4-8262-2089842e628c

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/28/2014 02:59:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e4bfd6f9-a639-4228-a34d-dd3d4577879c}

Error: (12/28/2014 02:33:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (12/28/2014 02:32:36 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcMessaging remove all devices. [1008]

Error: (12/28/2014 01:59:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 3.1.2000.0, time stamp: 0x5466ab69
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000142
Fault offset: 0x00000000000ec0b4
Faulting process ID: 0x125c
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report ID: nvstreamsvc.exe3
Faulting package full name: nvstreamsvc.exe4
Faulting package-relative application ID: nvstreamsvc.exe5

Error: (12/27/2014 11:09:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 34.0.5.5443 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1970

Start Time: 01d02202e4aab97e

Termination Time: 417

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 0abe1eab-8e15-11e4-8260-2089842e628c

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/27/2014 00:31:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]


System errors:
=============
Error: (12/30/2014 04:48:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%1053

Error: (12/30/2014 04:48:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender Service service to connect.

Error: (12/30/2014 04:48:04 PM) (Source: BTHUSB) (EventID: 30) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (12/30/2014 04:47:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069

Error: (12/30/2014 04:47:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/30/2014 04:47:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/30/2014 04:47:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2014 04:47:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/30/2014 04:47:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/30/2014 04:47:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/30/2014 04:47:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {35b74424-a702-425e-b9dc-35f31026c1a8}

Error: (12/29/2014 03:20:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068911fc01d02371dcb213a84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exed28a94b1-8f65-11e4-8262-2089842e628cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/29/2014 01:15:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689152401d022f9da358e714294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.execdf03c0f-8eed-11e4-8262-2089842e628cmicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/29/2014 01:01:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443127c01d022f4a13549d1205C:\Program Files (x86)\Mozilla Firefox\firefox.exedbf290c8-8eed-11e4-8262-2089842e628c

Error: (12/28/2014 02:59:30 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e4bfd6f9-a639-4228-a34d-dd3d4577879c}

Error: (12/28/2014 02:33:06 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed continue stopping. [0]

Error: (12/28/2014 02:32:36 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcMessaging remove all devices. [1008]

Error: (12/28/2014 01:59:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe3.1.2000.05466ab69ntdll.dll6.3.9600.1727853eebd22c000014200000000000ec0b4125c01d022397aafa847C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Windows\SYSTEM32\ntdll.dllb8f0075d-8e2c-11e4-8260-2089842e628c

Error: (12/27/2014 11:09:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe34.0.5.5443197001d02202e4aab97e417C:\Program Files (x86)\Mozilla Firefox\firefox.exe0abe1eab-8e15-11e4-8260-2089842e628c

Error: (12/27/2014 00:31:10 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcCan continue stopping. [1008]


CodeIntegrity Errors:
===================================
  Date: 2014-12-30 16:52:32.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-30 16:52:26.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-30 16:52:25.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-30 16:50:49.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-30 16:49:41.892
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-30 16:30:44.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-30 16:23:20.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-30 16:04:37.788
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-30 15:53:45.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-30 15:19:37.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8139.28 MB
Available physical RAM: 6679.12 MB
Total Pagefile: 9419.28 MB
Available Pagefile: 7555.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:735.68 GB) (Free:623.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 14.9 GB) (Disk ID: 7244A42B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================