Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by marek at 2015-04-03 14:08:36 Running from C:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Reader XI - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated) Aktualizacje NVIDIA 2.4.1.21 (Version: 2.4.1.21 - NVIDIA Corporation) Hidden AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies) AVG 2015 (Version: 15.0.4321 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden AVG PC TuneUp 2015 (HKLM\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies) AVG PC TuneUp 2015 (pl-PL) (Version: 15.0.1001.403 - AVG Technologies) Hidden AVG PC TuneUp 2015 (Version: 15.0.1001.403 - AVG Technologies) Hidden AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) EMSC (Version: 0.0.0.8C - Compal Electronics, Inc.) Hidden Epson Event Manager (HKLM\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation) Epson Przewodnik użytkownika L210 Series (HKLM\...\L210 Series Useg) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EVEREST Ultimate Edition v5.02 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.02 - Lavalys, Inc.) Glary Utilities 5.22 (HKLM\...\Glary Utilities 5) (Version: 5.22.0.41 - Glarysoft Ltd) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software) Malwarebytes Anti-Malware wersja 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation) NVIDIA Oprogramowanie systemu PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Sterownik 3D Vision 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation) NVIDIA Sterownik graficzny 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation) Panel sterowania NVIDIA 341.44 (Version: 341.44 - NVIDIA Corporation) Hidden Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.57.01 - RICOH) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) USB Video Device (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.9.002 - Sonix) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-04-2015 11:06:52 Zainstalowano: AVG PC TuneUp 2015 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2ED6941A-3728-4F29-B1ED-2FB600E1540C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-30] (Microsoft Corporation) Task: {52641E2F-6E0F-405B-A9D8-60C23464C8EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {6D99410E-C826-499E-B713-3EA579EF0651} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-30] (Microsoft Corporation) Task: {70AE4C6C-D9F2-423B-9773-C856787D837A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.) Task: {890FF19D-6DCC-45BD-87CE-0B07ED1D80B4} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-03-30] (Glarysoft Ltd) Task: {97186C75-DC4E-4CE4-B3DA-7E0E05F9AC2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-29] (Google Inc.) Task: {A1B10EF6-ECE5-4E11-A4A5-084EDE25A868} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {CF4D4834-582C-43E0-847C-24C791E003B1} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2015-03-30] (Glarysoft Ltd) Task: {F71BFBA2-BB29-4AA5-BC64-7D17BA1FE306} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-30] (Microsoft Corporation) Task: {FE7AB103-1DAA-4149-826D-23C089B7832E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-30] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-04-03 10:14 - 2015-04-03 10:14 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe 2015-03-29 21:20 - 2015-02-04 04:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2015-02-25 09:25 - 2015-02-25 09:25 - 00604984 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll 2015-03-30 13:18 - 2010-08-10 21:37 - 00217088 _____ () C:\Program Files\ASUS\Printer Utilities\UsbService.exe 2015-04-03 10:15 - 2015-04-03 10:14 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe 2015-04-03 10:15 - 2015-04-03 10:14 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll 2015-02-25 09:25 - 2015-02-25 09:25 - 00728888 _____ () C:\Program Files\AVG\AVG PC TuneUp\tulngx.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-03-30 18:00 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll 2015-04-03 10:14 - 2015-04-03 10:14 - 01711128 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll 2015-04-03 10:14 - 2015-04-03 10:14 - 03033112 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe 2015-04-03 10:14 - 2015-04-03 10:14 - 40630296 _____ () C:\Program Files\AVG Web TuneUp\libcef.dll 2015-03-29 21:06 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-29 21:06 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-29 21:06 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll 2015-03-29 21:06 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID AlternateDataStreams: C:\Windows\RtlExUpd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AcpiServiceVnA.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\admwprox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AERTACap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AERTARen.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ahadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audioLibVc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DDPA32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DDPD32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DDPO32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DDPP32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSBassEnhancementDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSBoostDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSGainCompensatorDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSGFXAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSGFXAPONS.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSLFXAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSLimiterDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSNeoPCDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSS2HeadphoneDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSS2SpeakerDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSSymmetryDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSU2PGFX32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSU2PLFX32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSU2PREC32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DTSVoiceClarityDLL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\escsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_DCINST.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_TD4BI2E.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\E_TLBI2E.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\FMAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ICEsoundAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iisreset.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iisrstap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iisRtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KAAPORT.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO30.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO50.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPO60.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioAPOShell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioEQ.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioRealtek2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioVnA.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxAudioVnN.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxSpeechAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxVoiceAPO30.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MISS_APO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NAHIMICAPOlfx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NAHIMICAPOSettingsIPC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbcjt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\R4EEA32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\R4EED32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\R4EEG32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\R4EEL32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\R4EEP32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RltkAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RP3DAA32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RP3DHT32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTEED32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTEEG32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTEEL32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTEEP32A.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RtkApoApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RtkCoInstII.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RtkCoLDR.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RtkPgExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RTSndMgr.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SFAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SFCOM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SFNHK.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SFSS_APO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sl3apo32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcnt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slprp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sltech32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SRSHP360.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SRSTSHD.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SRSTSXT.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SRSWOW.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SStudio.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tadefxapo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tadefxapo2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TepeqAPO.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\tosade.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wamregps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WavesGUILib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WavesLib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bowser.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RTKVHDA.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdtcp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\vuhub.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\marek\Downloads\MicrosoftFixit.wu.Run.exe:$CmdTcID AlternateDataStreams: C:\Users\marek\Downloads\MicrosoftFixit.wu.Run.exe:$CmdZnID AlternateDataStreams: C:\Users\marek\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe:$CmdTcID AlternateDataStreams: C:\Users\marek\Downloads\OSGS14-WindowsUpgradeAssistant-32bitand64bit-ClientSKU-4141411.exe:$CmdZnID AlternateDataStreams: C:\Users\marek\Downloads\www.gdansk.pl_12347.doc:$CmdZnID AlternateDataStreams: C:\Users\marek\Downloads\www.gdansk.pl_12348.doc:$CmdZnID AlternateDataStreams: C:\Users\marek\Downloads\www.gdansk.pl_12349.doc:$CmdZnID AlternateDataStreams: C:\Users\marek\Downloads\www.gdansk.pl_12350.doc:$CmdZnID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-431165489-4278536586-4157401824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\marek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: EPLTarget => ==================== Accounts: ============================= Administrator (S-1-5-21-431165489-4278536586-4157401824-500 - Administrator - Disabled) Gość (S-1-5-21-431165489-4278536586-4157401824-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-431165489-4278536586-4157401824-1002 - Limited - Enabled) marek (S-1-5-21-431165489-4278536586-4157401824-1001 - Administrator - Enabled) => C:\Users\marek ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2015 01:52:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Nazwa modułu powodującego błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0040f257 Identyfikator procesu powodującego błąd: 0xa78 Godzina uruchomienia aplikacji powodującej błąd: 0xNvStreamNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvStreamNetworkService.exe1 Ścieżka modułu powodującego błąd: NvStreamNetworkService.exe2 Identyfikator raportu: NvStreamNetworkService.exe3 Error: (04/03/2015 01:40:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0] Error: (04/03/2015 01:40:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Nazwa modułu powodującego błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0040f257 Identyfikator procesu powodującego błąd: 0x9fc Godzina uruchomienia aplikacji powodującej błąd: 0xNvStreamNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvStreamNetworkService.exe1 Ścieżka modułu powodującego błąd: NvStreamNetworkService.exe2 Identyfikator raportu: NvStreamNetworkService.exe3 Error: (04/03/2015 01:38:01 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0] Error: (04/03/2015 01:26:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Nazwa modułu powodującego błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0040f257 Identyfikator procesu powodującego błąd: 0xd38 Godzina uruchomienia aplikacji powodującej błąd: 0xNvStreamNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvStreamNetworkService.exe1 Ścieżka modułu powodującego błąd: NvStreamNetworkService.exe2 Identyfikator raportu: NvStreamNetworkService.exe3 Error: (04/03/2015 00:58:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Nazwa modułu powodującego błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0040f257 Identyfikator procesu powodującego błąd: 0xc58 Godzina uruchomienia aplikacji powodującej błąd: 0xNvStreamNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvStreamNetworkService.exe1 Ścieżka modułu powodującego błąd: NvStreamNetworkService.exe2 Identyfikator raportu: NvStreamNetworkService.exe3 Error: (04/03/2015 09:48:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Nazwa modułu powodującego błąd: NvStreamNetworkService.exe, wersja: 4.1.1943.6202, sygnatura czasowa: 0x5513995d Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0040f257 Identyfikator procesu powodującego błąd: 0xb6c Godzina uruchomienia aplikacji powodującej błąd: 0xNvStreamNetworkService.exe0 Ścieżka aplikacji powodującej błąd: NvStreamNetworkService.exe1 Ścieżka modułu powodującego błąd: NvStreamNetworkService.exe2 Identyfikator raportu: NvStreamNetworkService.exe3 Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] System errors: ============= Error: (04/03/2015 10:08:19 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 10:06:24 na ‎2015-‎04-‎03 było nieoczekiwane. Error: (04/03/2015 09:23:26 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 09:21:56 na ‎2015-‎04-‎03 było nieoczekiwane. Error: (04/02/2015 10:23:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Windows Defender zakończyła działanie; wystąpił następujący błąd: %%-2147024882 Error: (04/02/2015 10:21:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:19:05 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 10:12:37 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:10:56 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 10:09:56 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 22:08:53 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 09:57:53 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 21:56:48 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 09:43:47 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 21:42:26 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 00:25:06 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 12:23:30 na ‎2015-‎04-‎02 było nieoczekiwane. Error: (04/02/2015 00:22:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD cmdGuard cmdHlp CSC DfsC discache GUBootStartup inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf Microsoft Office Sessions: ========================= Error: (04/03/2015 01:52:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvStreamNetworkService.exe4.1.1943.62025513995dNvStreamNetworkService.exe4.1.1943.62025513995dc00000050040f257a7801d06e04aec4bb6aC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exef698a4f5-d9f7-11e4-92f1-001b386aed79 Error: (04/03/2015 01:40:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0] Error: (04/03/2015 01:40:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvStreamNetworkService.exe4.1.1943.62025513995dNvStreamNetworkService.exe4.1.1943.62025513995dc00000050040f2579fc01d06e02d714121eC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe2db4af99-d9f6-11e4-9716-001b386aed79 Error: (04/03/2015 01:38:01 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcSSAU restarted too many times in a short period. Aborting. [0] Error: (04/03/2015 01:26:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvStreamNetworkService.exe4.1.1943.62025513995dNvStreamNetworkService.exe4.1.1943.62025513995dc00000050040f257d3801d06e00ecdf2faeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe36bec7f6-d9f4-11e4-96a2-001b386aed79 Error: (04/03/2015 00:58:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvStreamNetworkService.exe4.1.1943.62025513995dNvStreamNetworkService.exe4.1.1943.62025513995dc00000050040f257c5801d06dfd1968271fC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe64fffee9-d9f0-11e4-9217-001b386aed79 Error: (04/03/2015 09:48:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: NvStreamNetworkService.exe4.1.1943.62025513995dNvStreamNetworkService.exe4.1.1943.62025513995dc00000050040f257b6c01d06de28573d26aC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.execf10c42a-d9d5-11e4-923d-001b386aed79 Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] Error: (04/02/2015 10:12:51 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcNvVAD endpoint registration failed [0] ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz Percentage of memory in use: 33% Total physical RAM: 3070.43 MB Available physical RAM: 2043.63 MB Total Pagefile: 6137.1 MB Available Pagefile: 4783.36 MB Total Virtual: 2047.88 MB Available Virtual: 1880.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:186.21 GB) (Free:160.66 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: FBA0FBA0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=186.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================