Jump to content

Generally Strange System Behavior - Windows 8.1


Trav

Recommended Posts

Greetings,

Recently I have begun having issues with a windows 8.1 installation I've owned for about a year now. I do not think the system is infected with anything (it returns clean bills of health when scanned in safemode by MBAM), so I am more looking to try and workout what system conflicts are causing the malfunctions.

////==Observed Behaviors==\\\\
+The system takes upwards of 3 minutes to load Firefox. Efforts to load League of Legends fail outright due to the sheer amount of time it takes the system to load the constituent elements. When this is happening, RAM usage does not exceed 30%, and CPU usage rarely exceeds 15%. Both of these lag time issues are resolved if either program is opened in Safe Mode. This leads me to believe there is some unforeseen service that is interfering with standard loadup / conflicting with other parts of the system.

+I sometimes leave my system on to render and perform different tasks while I sleep. On a few occasions I have noticed the werfalt service fail when I have woken up and have had to restart the system.

+I recently ran chkdsk on reboot to fix damaged indexes. During the process, the system BSOD's multiple times with the error CRITICAL_SERVICE_FAILED before finally finishing the process and restarting normally.



 

Link to post
Share on other sites

Hi:

Let's start with a bit of system information, please.
Additional scans/logs (and the Windows Dump files) may be needed, but these will provide a starting point.

Please follow the steps here and then please ATTACH all 3 logs to your next reply here in this thread: Diagnostic Logs.

Thanks,

Edited by daledoc1
Link to post
Share on other sites

Greetings,

I have copied and pasted the appropriate logs where need by. Note, these diagnostics were run in safemode, which looks to have possibly interfered with checkresults normal functioning.

EDIT 1:
While pouring over the logs I noticed that remnants of COMODO still exist. I have gone through and attempted to delete them manually, but some files were elusive and are probably hidden. I had been running COMODO on this system for a while, but got tired of their constant adspam. Their uninstaller was abysmal and actually broke my system at the time because it failed to remove firewall related rules that seemed to require all internet activity to run through COMODO. I am not surprised it left other things behind in uninstallation.
----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by Kavin Hensersky (administrator) on BEDROOMDESKTOP (14-05-2016 22:58:02)
Running from C:\Users\Kavin Hensersky\Desktop
Loaded Profiles: Kavin Hensersky (Available Profiles: Kavin Hensersky)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.16\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcherUx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NirSoft) C:\Users\Kavin Hensersky\Desktop\System Tools\cports\cports.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-08-23] (Pixart Imaging Inc)
HKLM-x32\...\Run: [WNDA3100v3] => C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE [6243040 2015-01-15] (NETGEAR)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2015-08-25] (PeerBlock, LLC)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [f.lux] => C:\Users\Kavin Hensersky\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2015-08-27] (Flux Software LLC)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [Google Update] => C:\Users\Kavin Hensersky\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-13] (Google Inc.)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-12-08] (IObit)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-10-17] (Piriform Ltd)
HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Run: [Discord] => C:\Users\Kavin Hensersky\AppData\Local\Discord\app-0.0.290\Discord.exe [57924280 2016-05-05] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-20] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{496C5353-34B5-4ED9-ABAF-C154B774E9DA}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{496C5353-34B5-4ED9-ABAF-C154B774E9DA}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A53013C7-B09F-4C1A-8FBB-947456E797FA}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{B87820C6-55C5-4825-8DF3-65756AA4D3CD}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-08] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-20] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-04-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-20] (AVAST Software)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1836779011-2011716686-380047477-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1836779011-2011716686-380047477-1001: @talk.google.com/O1DPlugin -> C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1836779011-2011716686-380047477-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kavin Hensersky\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1836779011-2011716686-380047477-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kavin Hensersky\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF user.js: detected! => C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\user.js [2016-02-26]
FF Plugin ProgramFiles/Appdata: C:\Users\Kavin Hensersky\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Kavin Hensersky\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: WOT - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-01-02]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-01]
FF Extension: Ghostery - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\firefox@ghostery.com.xpi [2016-05-03]
FF Extension: MEGA - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\firefox@mega.co.nz.xpi [2016-05-04]
FF Extension: SNPTips - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\snptips@5amsolutions.com.xpi [2016-05-01]
FF Extension: Flagfox - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-04-22]
FF Extension: Password Exporter - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2016-05-11]
FF Extension: Video DownloadHelper - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-11]
FF Extension: Adblock Plus - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF Extension: BetterPrivacy - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2016-05-06]
FF Extension: Reasy - C:\Users\Kavin Hensersky\AppData\Roaming\Mozilla\Firefox\Profiles\97iwu63f.default\Extensions\{fcff419f-5bfb-40cd-b52c-8f55dc2d0511}.xpi [2016-04-26]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-26]

Chrome:
=======
CHR Profile: C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-05-01]
CHR Extension: (YouTube) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
CHR Extension: (Adblock Plus) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-26]
CHR Extension: (Google Search) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-26]
CHR Extension: (Disconnect Search) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2016-01-05]
CHR Extension: (Disconnect) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Gmail) - C:\Users\Kavin Hensersky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-20]
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-12-08] (IObit)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-20] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [73920 2016-01-12] (Comodo Security Solutions, Inc.)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-15] (Dropbox, Inc.)
S3 Disconnect Desktop Updater; C:\Users\Kavin Hensersky\AppData\Roaming\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2015-08-25] (Disconnect)
S3 disconnect-openvpn; C:\Users\Kavin Hensersky\AppData\Roaming\Disconnect\Disconnect Desktop\nssm.exe [338944 2015-08-25] ()
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-07] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2016-01-02] (GOG.com)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2016-01-12] (Comodo Security Solutions, Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-12-08] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-12-08] (IObit)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-09-25] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
U4 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-25] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-20] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-20] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-12] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-20] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-20] (AVAST Software)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-09-25] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2015-08-25] (Microsoft Corporation)
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-11-18] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [828144 2015-11-18] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-10-11] ()
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-12-08] (IObit)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-30] (REALiX(tm))
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-14] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [47672 2016-05-09] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-08-23] ()
S3 VCSVADHWSer; C:\Windows\system32\DRIVERS\vcsvad.sys [21504 2015-10-05] (Avnex)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WNDA3100v3; C:\Windows\system32\DRIVERS\WNDA3100v3.sys [2222736 2014-12-08] (MediaTek Inc.)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 22:58 - 2016-05-14 23:02 - 00025505 _____ C:\Users\Kavin Hensersky\Desktop\FRST.txt
2016-05-14 22:57 - 2016-05-14 22:58 - 00000000 ____D C:\FRST
2016-05-14 22:56 - 2016-05-14 22:56 - 02382336 _____ (Farbar) C:\Users\Kavin Hensersky\Desktop\FRST64.exe
2016-05-14 22:56 - 2016-05-14 22:56 - 01706112 _____ (Malwarebytes) C:\Users\Kavin Hensersky\Desktop\mbam-check-2.3.2.0.exe
2016-05-14 20:20 - 2016-05-14 20:20 - 00001393 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-05-14 20:20 - 2016-05-09 18:26 - 00112184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-14 20:20 - 2016-05-03 21:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-14 20:20 - 2016-05-03 21:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-14 20:20 - 2016-05-03 21:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-14 20:20 - 2016-05-03 21:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-14 20:20 - 2016-05-02 00:39 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-14 20:20 - 2016-05-02 00:38 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-14 20:20 - 2016-05-02 00:38 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-14 20:19 - 2016-05-14 20:19 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-14 20:19 - 2016-05-09 18:40 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-14 20:19 - 2016-05-09 18:40 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-14 20:19 - 2016-05-09 18:40 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-14 20:17 - 2016-05-10 11:59 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-05-14 20:17 - 2016-05-10 11:59 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-14 20:17 - 2016-05-10 11:59 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 31584704 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 25346616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 21372456 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 20914600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 19006432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 17768992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 17362992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 17248920 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 16449616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 14129544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 12550712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-14 20:17 - 2016-05-09 23:07 - 10566520 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 08673880 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 03714144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 03286664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 03234240 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 02809280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00959544 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00887744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00473592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00126008 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2016-05-14 20:17 - 2016-05-09 23:07 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2016-05-14 20:17 - 2016-05-09 23:07 - 00037091 _____ C:\Windows\system32\nvinfo.pb
2016-05-14 20:17 - 2016-05-09 23:07 - 00000592 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-14 20:17 - 2016-05-09 23:07 - 00000592 _____ C:\Windows\system32\nv-vk64.json
2016-05-14 20:15 - 2016-05-14 20:15 - 00000000 ____D C:\NVIDIA
2016-05-14 20:03 - 2016-05-14 20:08 - 360508680 _____ (NVIDIA Corporation) C:\Users\Kavin Hensersky\Downloads\365.19-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-05-14 19:44 - 2016-05-14 19:44 - 00001625 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-05-14 19:44 - 2016-05-14 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-05-14 19:36 - 2016-05-14 20:20 - 00000000 ____D C:\Windows\LastGood
2016-05-14 19:27 - 2016-05-14 19:44 - 00000000 __SHD C:\AI_RecycleBin
2016-05-14 18:51 - 2016-05-14 18:51 - 00000000 ____D C:\Windows\Sun
2016-05-14 18:35 - 2016-05-14 18:35 - 00002448 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Kavin_Hensersky
2016-05-14 18:35 - 2016-05-14 18:35 - 00000328 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Kavin_Hensersky.job
2016-05-14 18:30 - 2016-05-14 18:31 - 27864920 _____ (Riot Games) C:\Users\Kavin Hensersky\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2016-05-14 18:29 - 2016-05-14 19:23 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\CrashDumps
2016-05-14 15:10 - 2016-04-14 00:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-14 15:10 - 2016-04-14 00:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-14 15:10 - 2016-04-14 00:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-14 15:09 - 2016-05-14 15:10 - 45000176 _____ (NVIDIA Corporation) C:\Users\Kavin Hensersky\Downloads\GeForce_Experience_v2.11.3.5.exe
2016-05-14 15:00 - 2016-05-14 15:00 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-05-14 14:40 - 2016-05-14 14:40 - 00274512 _____ C:\Windows\Minidump\051416-57187-01.dmp
2016-05-14 14:40 - 2016-05-14 14:40 - 00000000 ____D C:\Windows\Minidump
2016-05-14 14:31 - 2016-05-14 14:31 - 00006352 ____N C:\bootsqm.dat
2016-05-14 14:11 - 2016-05-14 14:11 - 00000000 ____H C:\asc_rdflag
2016-05-13 21:02 - 2016-05-13 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 22:24 - 2016-05-11 22:24 - 00039789 _____ C:\Users\Kavin Hensersky\Documents\password-export-2016-05-11.xml
2016-05-11 17:35 - 2016-05-02 20:15 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 17:35 - 2016-05-02 20:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 16:59 - 2016-04-22 15:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 16:59 - 2016-04-22 15:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 16:59 - 2016-03-31 01:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 16:59 - 2016-03-30 22:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 16:58 - 2016-04-22 15:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 16:58 - 2016-04-22 15:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 16:58 - 2016-04-22 15:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 16:58 - 2016-04-22 15:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 16:58 - 2016-04-22 14:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 16:58 - 2016-04-22 14:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 16:58 - 2016-04-22 14:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-11 16:58 - 2016-04-22 14:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 16:58 - 2016-04-22 14:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 16:58 - 2016-04-22 14:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 16:58 - 2016-04-22 14:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 16:58 - 2016-04-22 14:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 16:58 - 2016-04-22 14:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 16:58 - 2016-04-22 14:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 16:58 - 2016-04-22 13:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 16:58 - 2016-04-22 13:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-11 16:58 - 2016-04-22 13:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 16:58 - 2016-04-22 13:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 16:58 - 2016-04-22 13:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 16:58 - 2016-04-22 13:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 16:58 - 2016-04-22 13:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 16:58 - 2016-04-22 13:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 16:58 - 2016-04-22 13:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 16:58 - 2016-04-22 13:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 16:58 - 2016-04-22 13:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 16:58 - 2016-04-22 13:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 16:58 - 2016-04-22 13:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 16:58 - 2016-04-11 01:21 - 00074584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-05-11 16:58 - 2016-04-10 02:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 16:58 - 2016-04-10 02:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 16:58 - 2016-04-10 00:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 16:58 - 2016-04-09 23:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 16:58 - 2016-04-09 23:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 16:58 - 2016-04-09 23:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 16:58 - 2016-04-09 18:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 16:58 - 2016-04-09 17:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 16:58 - 2016-04-09 16:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 16:58 - 2016-04-09 16:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 16:58 - 2016-04-06 16:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 16:58 - 2016-04-06 16:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 16:58 - 2016-04-06 13:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 16:58 - 2016-04-06 13:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 16:58 - 2016-04-06 13:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 16:58 - 2016-04-06 12:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 16:58 - 2016-04-06 12:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 16:58 - 2016-04-06 11:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 16:58 - 2016-04-06 11:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 16:58 - 2016-04-06 11:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 16:58 - 2016-04-06 10:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 16:58 - 2016-03-28 20:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 16:58 - 2016-03-10 12:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-05-11 16:58 - 2016-03-10 11:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-05-11 16:39 - 2016-05-14 20:44 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001UA.job
2016-05-11 16:39 - 2016-05-14 20:44 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 16:39 - 2016-05-14 19:47 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-11 16:39 - 2016-05-13 16:44 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001Core.job
2016-05-11 16:35 - 2016-05-11 16:36 - 00002262 _____ C:\Users\Kavin Hensersky\Desktop\Discord.lnk
2016-05-07 12:06 - 2016-05-07 12:06 - 00289973 _____ C:\Users\Kavin Hensersky\Downloads\Potential_Presidential_Candidate_Favorables_I_Natl_Adults_140717 .pdf
2016-05-07 08:56 - 2016-05-07 08:56 - 00032760 _____ C:\Users\Kavin Hensersky\Downloads\bathroom
2016-05-07 08:56 - 2016-05-07 08:56 - 00030628 _____ C:\Users\Kavin Hensersky\Downloads\kitchen
2016-05-07 08:56 - 2016-05-07 08:56 - 00028770 _____ C:\Users\Kavin Hensersky\Downloads\backyard
2016-05-07 08:56 - 2016-05-07 08:56 - 00026251 _____ C:\Users\Kavin Hensersky\Downloads\living room
2016-05-06 19:26 - 2016-05-06 19:26 - 00242120 _____ C:\Users\Kavin Hensersky\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-04 08:46 - 2016-05-04 08:46 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\CandyK
2016-05-04 08:34 - 2016-05-04 08:46 - 961376139 _____ C:\Users\Kavin Hensersky\Desktop\CandyK.rar
2016-05-03 21:23 - 2016-05-03 21:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-03 21:22 - 2016-05-03 21:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-03 21:22 - 2016-05-03 21:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-03 21:22 - 2016-05-03 21:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-05-03 01:30 - 2016-05-03 01:30 - 02670087 _____ C:\Users\Kavin Hensersky\Desktop\DealingwithOutliers.pdf
2016-05-01 13:02 - 2016-05-01 13:06 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\FreeFixer
2016-05-01 13:02 - 2016-05-01 13:02 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\FreeFixer
2016-04-25 18:25 - 2016-04-25 18:25 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-22 12:30 - 2016-05-12 16:57 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Job Hunt
2016-04-22 10:26 - 2016-04-22 10:26 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-22 10:26 - 2016-04-22 10:26 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-22 10:26 - 2016-04-22 10:26 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-04-22 10:25 - 2016-04-22 10:25 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-04-22 10:25 - 2016-04-22 10:25 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-22 10:25 - 2016-04-22 10:25 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-22 10:25 - 2016-04-22 10:25 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-04-22 10:25 - 2016-04-22 10:25 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-04-22 10:25 - 2016-04-22 10:25 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-04-22 10:24 - 2016-04-22 10:24 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-04-22 10:24 - 2016-04-22 10:24 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-22 10:24 - 2016-04-22 10:24 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-04-22 10:24 - 2016-04-22 10:24 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-04-22 10:24 - 2016-04-22 10:24 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-04-22 10:24 - 2016-04-22 10:24 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-04-22 10:24 - 2016-04-22 10:24 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-04-17 18:10 - 2016-04-17 18:27 - 87685233 _____ C:\Users\Kavin Hensersky\Desktop\censored Pregnant Mother - XVIDEOS.COM.flv
2016-04-16 21:22 - 2016-05-14 14:58 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\discord
2016-04-16 21:22 - 2016-05-11 16:36 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\Discord
2016-04-16 21:22 - 2016-05-11 16:35 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-16 21:22 - 2016-05-11 16:34 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\SquirrelTemp
2016-04-16 14:14 - 2016-04-16 14:14 - 01133752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-16 14:14 - 2016-04-16 14:14 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-16 14:14 - 2016-04-16 14:14 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-16 14:14 - 2016-04-16 14:14 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-16 14:14 - 2016-04-16 14:14 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-16 14:13 - 2016-04-16 14:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-16 14:13 - 2016-04-16 14:13 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-16 14:13 - 2016-04-16 14:13 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-04-16 14:13 - 2016-04-16 14:13 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-04-16 14:13 - 2016-04-16 14:13 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-16 14:12 - 2016-04-16 14:12 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-16 14:11 - 2016-04-16 14:11 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-04-16 14:11 - 2016-04-16 14:11 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-04-16 14:11 - 2016-04-16 14:11 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-04-16 14:11 - 2016-04-16 14:11 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-04-16 14:01 - 2016-04-04 01:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-16 14:01 - 2016-04-02 08:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-16 14:01 - 2016-04-02 08:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-16 14:01 - 2016-03-28 08:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-16 14:01 - 2016-03-28 08:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-16 14:01 - 2016-03-28 08:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-16 14:01 - 2016-03-28 08:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-16 14:01 - 2016-03-28 08:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-16 13:58 - 2016-03-03 11:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-15 20:34 - 2016-04-15 20:35 - 00003194 _____ C:\Windows\System32\Tasks\{9F28218A-84D2-4EA0-8479-0B60559CDCF2}
2016-04-15 19:14 - 2016-04-15 19:14 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-04-15 19:14 - 2016-04-15 19:14 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-04-14 17:49 - 2016-04-14 17:49 - 00000521 _____ C:\Users\Kavin Hensersky\Desktop\hyperexpand plugin for Audacity.zip
2016-04-14 10:33 - 2016-04-14 10:34 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Bowser

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-14 23:02 - 2015-08-23 21:04 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\Skype
2016-05-14 22:56 - 2015-10-03 14:48 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\System Tools
2016-05-14 22:54 - 2015-08-23 20:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-14 20:52 - 2015-12-08 16:21 - 00000288 _____ C:\Windows\Tasks\ASC9_SkipUac_Kavin Hensersky.job
2016-05-14 20:52 - 2015-08-25 21:15 - 00000000 ____D C:\Program Files\PeerBlock
2016-05-14 20:52 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-14 20:37 - 2015-09-21 20:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-14 20:33 - 2015-08-23 20:54 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\NVIDIA
2016-05-14 20:32 - 2015-08-23 21:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-14 20:24 - 2015-08-23 20:54 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\NVIDIA Corporation
2016-05-14 20:24 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-14 20:23 - 2015-08-23 19:29 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1836779011-2011716686-380047477-1001
2016-05-14 20:22 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-05-14 20:20 - 2015-09-07 19:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-14 20:20 - 2015-08-23 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-14 20:19 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-14 19:59 - 2016-01-15 11:54 - 00000956 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-05-14 19:52 - 2016-02-26 21:05 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Courses
2016-05-14 19:50 - 2016-03-28 12:04 - 00003274 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-05-14 19:50 - 2016-03-28 12:04 - 00002906 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Kavin Hensersky)
2016-05-14 19:50 - 2016-03-01 10:23 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Backburner Session
2016-05-14 18:31 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-05-14 15:01 - 2015-09-07 18:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-14 14:40 - 2015-08-23 21:14 - 249667908 _____ C:\Windows\MEMORY.DMP
2016-05-14 14:21 - 2015-12-08 16:20 - 00002282 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-05-14 14:20 - 2015-08-23 19:24 - 00000000 ____D C:\Users\Kavin Hensersky
2016-05-14 14:19 - 2013-08-22 09:44 - 00487096 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-14 14:12 - 2016-04-12 10:09 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-14 14:12 - 2016-04-12 10:09 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-14 14:12 - 2015-10-09 13:39 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 14:12 - 2013-08-22 14:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-14 14:11 - 2016-04-09 16:50 - 90865664 _____ C:\Windows\system32\config\SOFTWARE.iodefrag
2016-05-14 14:11 - 2016-04-09 16:50 - 00278528 _____ C:\Windows\system32\config\DEFAULT.iodefrag
2016-05-14 14:11 - 2016-04-09 16:50 - 00028672 _____ C:\Windows\system32\config\SAM.iodefrag
2016-05-14 14:11 - 2016-04-09 16:50 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag
2016-05-14 14:11 - 2015-10-09 13:43 - 90865664 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-05-14 14:11 - 2015-10-09 13:43 - 04816896 _____ C:\Windows\system32\config\DRIVERS.iodefrag.bak
2016-05-14 14:11 - 2015-10-09 13:43 - 00278528 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-05-14 14:11 - 2015-10-09 13:43 - 00028672 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-05-14 14:11 - 2015-10-09 13:43 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-05-13 21:02 - 2016-01-15 11:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-13 13:48 - 2016-01-29 02:15 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Aeon Project
2016-05-13 00:47 - 2015-08-23 20:35 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 00:47 - 2015-08-23 20:35 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-13 00:37 - 2015-09-21 20:27 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-12 10:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-05-12 04:31 - 2015-09-25 19:40 - 00000000 ____D C:\ProgramData\ProductData
2016-05-11 22:26 - 2015-08-23 19:24 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\Packages
2016-05-11 17:52 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-11 17:50 - 2015-08-23 21:30 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 17:37 - 2015-08-23 21:30 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 16:39 - 2015-09-13 02:50 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001UA
2016-05-11 16:39 - 2015-09-13 02:50 - 00003564 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001Core
2016-05-11 16:39 - 2015-08-23 20:34 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 16:39 - 2015-08-23 20:34 - 00003672 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 16:36 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-11 16:33 - 2016-02-20 17:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-11 16:30 - 2015-09-27 17:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-09 18:40 - 2015-09-07 19:00 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-09 18:40 - 2015-09-07 19:00 - 02993088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-09 18:40 - 2015-09-07 19:00 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-09 18:40 - 2015-09-07 19:00 - 01201600 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-09 18:40 - 2015-09-07 19:00 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-07 17:18 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-06 20:59 - 2015-08-23 21:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-06 20:59 - 2015-08-23 21:04 - 00000000 ____D C:\ProgramData\Skype
2016-05-06 19:28 - 2016-04-12 06:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-06 19:28 - 2016-03-28 12:03 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-06 19:28 - 2016-03-28 12:03 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-06 19:28 - 2016-03-28 12:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-06 19:08 - 2015-09-07 18:13 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\vlc
2016-05-06 18:38 - 2015-08-24 12:36 - 00001082 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-06 09:02 - 2015-09-07 19:00 - 06423191 _____ C:\Windows\system32\nvcoproc.bin
2016-05-02 00:39 - 2015-08-23 20:54 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-02 00:38 - 2015-08-23 20:54 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-04-30 12:06 - 2016-04-09 09:21 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\RStudio
2016-04-30 12:06 - 2016-02-02 20:41 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\RStudio-Desktop
2016-04-30 05:40 - 2016-03-28 12:18 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Local\ElevatedDiagnostics
2016-04-29 12:06 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-04-29 11:56 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-25 18:25 - 2016-03-26 15:58 - 00000000 ____D C:\Users\Kavin Hensersky\.oracle_jre_usage
2016-04-25 18:25 - 2016-03-26 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-25 18:25 - 2016-03-26 15:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-24 15:00 - 2016-02-01 17:18 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Research Articles
2016-04-18 19:53 - 2015-08-27 08:58 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-18 19:48 - 2015-09-27 08:53 - 00000000 ____D C:\Users\Kavin Hensersky\Desktop\Files
2016-04-16 14:10 - 2016-04-09 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2016-04-15 19:28 - 2016-04-09 08:55 - 00000000 ____D C:\Program Files (x86)\IBM
2016-04-14 17:45 - 2015-10-05 23:34 - 00000000 ____D C:\Users\Kavin Hensersky\AppData\Roaming\Audacity
2016-04-14 11:13 - 2015-10-05 23:47 - 00000000 ____D C:\Program Files (x86)\AV Voice Changer 8.2 Diamond

Some files in TEMP:
====================
C:\Users\Kavin Hensersky\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kavin Hensersky\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kavin Hensersky\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-07 09:53

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by Kavin Hensersky (2016-05-14 23:02:55)
Running from C:\Users\Kavin Hensersky\Desktop
Windows 8.1 (X64) (2015-08-24 00:24:13)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1836779011-2011716686-380047477-500 - Administrator - Disabled)
Guest (S-1-5-21-1836779011-2011716686-380047477-501 - Limited - Disabled)
Kavin Hensersky (S-1-5-21-1836779011-2011716686-380047477-1001 - Administrator - Enabled) => C:\Users\Kavin Hensersky

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Out of date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Disabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AV Voice Changer Software Diamond 8.2 (HKLM-x32\...\AV Voice Changer Software Diamond 8.2) (Version: 8.2.03 - AVSOFT Corp.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
Black Desert Character Creator (HKLM-x32\...\{83AC6E37-6497-4A01-BB5D-AA845BA08832}) (Version: 1.0.0.2 - Daum Games EU)
Blackguards (HKLM-x32\...\Steam App 249650) (Version:  - Daedalic Entertainment)
Braveland (HKLM-x32\...\1207662143_is1) (Version: 2.2.0.4 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
COMODO Antivirus (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Disconnect Desktop (HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Disconnect Desktop 2.0.5) (Version: 2.0.5 - Disconnect)
Disconnect Desktop (x32 Version: 2.0.5 - Disconnect) Hidden
Discord (HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
Dishonored (HKLM-x32\...\Steam App 205100) (Version:  - Arkane Studios)
Dominions 4 (HKLM-x32\...\Steam App 259060) (Version:  - Illwinter Game Design)
DoodleGod version 2.0 (HKLM-x32\...\{2D19B4CA-C6C6-4DBE-B4F9-79240C18D142}_is1) (Version: 2.0 - Joybits, Inc.)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
f.lux (HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\Flux) (Version:  - )
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hand Of Fate (HKLM-x32\...\Steam App 266510) (Version:  - Defiant Development)
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version:  - Klei Entertainment)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.21 - IObit)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
Neverending Nightmares (HKLM-x32\...\{66D91994-8A4C-4ED6-9450-9690717800F7}) (Version: 2.0.20854.0 - Infinitap Games)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.19 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.19 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 365.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 365.19 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1002 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I603  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I603 - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1051.0 - Passmark Software)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
R for Windows 3.2.3 (HKLM\...\R for Windows 3.2.3_is1) (Version: 3.2.3 - R Core Team)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
RStudio (HKLM-x32\...\RStudio) (Version: 0.99.491 - RStudio)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
SHOGUN: Total War™ - Gold Edition (HKLM-x32\...\Steam App 345240) (Version:  - Creative Assembly)
Sid Meier's Alpha Centauri Planetary Pack (HKLM-x32\...\1207658936_is1) (Version: 2.1.0.24 - GOG.com)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skullgirls (HKLM\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.3.0.200 - IObit)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Tesla Effect (HKLM-x32\...\Steam App 261510) (Version:  - Big Finish Games)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sad Story of Emmeline Burns (HKLM-x32\...\Steam App 429940) (Version:  - ebi-hime)
Total War: Arena (HKLM-x32\...\Steam App 227520) (Version:  - Creative Assembly)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version:  - Capcom)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Valdis Story: Abyssal City (HKLM-x32\...\Steam App 252030) (Version:  - )
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version:  - Creative Assembly, PC Port - Hardlight)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WinDirStat 1.1.2 (HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1836779011-2011716686-380047477-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Kavin Hensersky\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1836779011-2011716686-380047477-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kavin Hensersky\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0066303E-6814-47FA-83FA-E24E0C14E4AB} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2015-12-08] (IObit)
Task: {05002827-6402-43F3-BA96-AF6327A8096C} - System32\Tasks\Initiate Peerblock => C:\Program Files\PeerBlock\peerblock.exe [2015-08-25] (PeerBlock, LLC)
Task: {303BCC99-BF7A-4956-8B48-581D0FA04D98} - System32\Tasks\Uninstaller_SkipUac_Kavin_Hensersky => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-12-08] (IObit)
Task: {418A9292-814E-4D4D-BE72-F33D4B9B4F2B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-08] (Microsoft Corporation)
Task: {44AB532D-4FF8-4B32-A60C-9D5AE7271535} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {4A4F23D0-CBEE-41E3-995B-12EFB4243D24} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-15] (Dropbox, Inc.)
Task: {4BC344EA-1864-4B51-832B-37BE11EDB5FD} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-15] (Dropbox, Inc.)
Task: {53FBE528-E941-43AF-8A76-814C5E49329F} - System32\Tasks\Driver Booster SkipUAC (Kavin Hensersky) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {5E795B45-CA7B-457D-8DAA-025C692D70D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-08] (Microsoft Corporation)
Task: {6E3174BE-8069-4DEB-9D6F-35AA24705B95} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {79A267A8-FB5C-43DC-939D-56191D933184} - System32\Tasks\SafeZone scheduled Autoupdate 1458964378 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {84C38FF9-29D7-4633-8083-F7F639B1DB38} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {A3E10D22-71CA-42C0-9309-5ECA8E8D8C69} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-20] (AVAST Software)
Task: {A9D0B8A1-5BD7-4FF9-86BB-AB1DAE795665} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001UA => C:\Users\Kavin Hensersky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {B348F26E-E837-4495-A914-1FE4ECFF9B1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-17] (Piriform Ltd)
Task: {B46940C7-7B61-4CD5-BA6E-4E13BAA81A81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {C44C679F-2978-49CE-8BAC-CF07489F3F0F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-09] (Microsoft Corporation)
Task: {C66C27AB-DED1-4999-B279-2C8D7881B968} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {CE4A00C8-5BDF-41D4-AB0A-1CFBCD956D2B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-12] (Adobe Systems Incorporated)
Task: {D7D8E7B8-31E8-4534-B033-61D6F9AB07E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {DC56D7A5-68FE-422D-8F56-975407F602C2} - System32\Tasks\{9F28218A-84D2-4EA0-8479-0B60559CDCF2} => Firefox.exe hxxp://ui.skype.com/ui/0/7.22.0.109/en/abandoninstall?page=tsProgressBar
Task: {E313D8DD-7422-4E32-830F-285BDB8E14CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {E57DEDE1-0EBD-441D-8E6A-0787F2ABC1B2} - System32\Tasks\ASC9_SkipUac_Kavin Hensersky => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-12-08] (IObit)
Task: {ECBD0727-8BA2-4FFA-88DB-0670628840B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001Core => C:\Users\Kavin Hensersky\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASC9_SkipUac_Kavin Hensersky.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001Core.job => C:\Users\Kavin Hensersky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1836779011-2011716686-380047477-1001UA.job => C:\Users\Kavin Hensersky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Kavin_Hensersky.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-08 23:29 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-21 16:54 - 2014-01-21 16:54 - 01301688 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-05-14 20:10 - 2016-05-14 20:10 - 02323456 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.16\deploy\LoLLauncher.exe
2016-05-14 20:12 - 2016-05-14 20:12 - 04515328 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcher.exe
2016-05-14 20:12 - 2016-05-14 20:12 - 02827264 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\LoLPatcherUx.exe
2015-09-25 19:40 - 2015-08-26 18:44 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-09-25 19:40 - 2015-08-26 18:44 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-09-25 19:40 - 2015-08-26 18:44 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-09-25 19:40 - 2015-09-25 19:40 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-09-25 19:40 - 2015-09-25 19:40 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-09-25 19:40 - 2015-09-25 19:40 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2015-09-25 19:40 - 2015-09-25 19:40 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-11-08 23:29 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 01463808 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\RiotLauncher.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 34843648 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\libcef.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 01375744 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\icui18n.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 01134592 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\icuuc.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 04374528 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\v8.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 01332224 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\libglesv2.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 00190976 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\libegl.dll
2016-05-14 20:12 - 2016-05-14 20:12 - 00945664 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.56\deploy\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clrhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Dism.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DismApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ext-ms-win-kernel32-package-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ext-ms-win-session-winsta-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\f3ahvoas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsquirt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\hcproviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IEAdvpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iexpress.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imgutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jnwmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRUM.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTT102.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LAPRXY.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\licmgr10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfh264enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\microsoft-windows-kernel-power-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mousecpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsApoFxProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeedsbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshta.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6435582.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6435582.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pngfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PSHED.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdsdwmdr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\RegistryDefragBootTime.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rfxvmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smbwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\snmptrap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spcompat.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppcomapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\t2embed.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TabSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID [32]
AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TiltWheelMouse.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tpmvsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\umrdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\url.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsbas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wextract.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgrade.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WorkFoldersRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autochk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autoconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autofmt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clrhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cnvfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Dism.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DismApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\f3ahvoas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Faultrep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdWCN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FirewallAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hcproviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IEAdvpack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iexpress.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ifsutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imgutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRUM.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTT102.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\licmgr10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeedsbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msfeedssync.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshta.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\occache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OpenCL.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\P2P.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pngfilt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\printui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prnntfy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scrobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sysmon.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\t2embed.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\themeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uexfat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ufat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ulib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\unregmp2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\url.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uudf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\UXInit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\uxtheme.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wextract.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WorkFoldersRes.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asw1082.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asw10B2.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asw10C4.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asw10D6.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\asw10D7.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BtaMPM.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\BthHfAud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\bthmodem.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dumpfve.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fileinfo.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ipnat.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\luafv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msgpioclx.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\sdstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\SerCx2.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\t_mouse.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vcsvad.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VerifierExt.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\watchdog.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\10291082_10203690435621860_447408065174229544_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\11811431_10154638706131959_5757254957519980758_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\12027585_10153809458160628_977081234539592740_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Alan Watts - The veil of thoughts - complete - original.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\ANCOVA.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Banking-and-Currency-and-the-Money-Trust-by-Minesota-Congressman-Charles-a-Lindbergh-Sr.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Banking-and-Currency-and-the-Money-Trust-by-Minesota-Congressman-Charles-a-Lindbergh-Sr.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Chomsky's core message to humanity.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\democracy_promotion_after_bush_final.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\democracy_promotion_after_bush_final.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\dialogues_concerning_natural_religion_lm_librivox_64kb_mp3.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\dialogues_concerning_natural_religion_lm_librivox_64kb_mp3.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\essays_book1_1204_librivox.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\essays_book1_1204_librivox.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\essays_francis_bacon_cv3_librivox_64kb_mp3.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\essays_francis_bacon_cv3_librivox_64kb_mp3.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\fa01_12e.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\fa01_12e.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Fallacentricity - The Texas Sharpshooter Fallacy.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\genome_Travis_Hensersky_Full_20151003171306.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\genome_Travis_Hensersky_Full_20151003171306.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\ha-joon-chang-bad-samaritans.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\ha-joon-chang-bad-samaritans.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Hacker.txt:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Hacker.txt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\historychemistr01thomgoog.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\historychemistr01thomgoog.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\human_understanding_0711_lv_2_64kb_mp3.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\human_understanding_0711_lv_2_64kb_mp3.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\JamesRandi_2007-480p-en.mp4:$CmdTcID [130]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\JamesRandi_2007-480p-en.mp4:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\lisp1.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\lisp1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\MGP_TravCharSheet-FILLABLE.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\MGP_TravCharSheet-FILLABLE.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Organization Paper Rough Draft - Travis Hensersky.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Organization Paper Rough Draft - Travis Hensersky.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Presentation Instructions Sp13(2).docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Presentation Instructions Sp13(2).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Self-directed groups and performance.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Self-directed groups and performance.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Structural Forms - Junge's Wife.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Structural Forms - Junge's Wife.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\TaxReturn.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\TaxReturn.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\The Chirurgeon.docx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\The Chirurgeon.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\the_fish_fillets_v1_1.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\the_fish_fillets_v1_1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\Travis.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\tumblr_nkrsxbpAVv1qb1bi1o1_400.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\When to use what test.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\When to use what test.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\~WRL3139.tmp:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Desktop\~WRL3139.tmp:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\477-785-1-PB.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\477-785-1-PB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\advanced-systemcare-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\advanced-systemcare-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\avast_free_antivirus_setup_online.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\avast_free_antivirus_setup_online.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Battle.net-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Battle.net-Setup-enUS.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\BitTorrent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\BitTorrent.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\BlackDesertOnlineCCMSetup_02.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\BlackDesertOnlineCCMSetup_02.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Cavanaugh, et al., 2000.  An Empirical Examination of Self-Reported Work Stress Among U.S. Managers-.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Cavanaugh, et al., 2000.  An Empirical Examination of Self-Reported Work Stress Among U.S. Managers-.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\ccsetup509.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\ccsetup509.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\ChromeSetup(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\ChromeSetup(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Crowntakers.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Crowntakers.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\CurseClientSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\CurseClientSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\dfsetup219.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\dfsetup219.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Disconnect+Desktop.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Disconnect+Desktop.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\DoodleGodSetup_fixed.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\DoodleGodSetup_fixed.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\fceux-2.2.2-win32.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\flux-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\flux-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\GeForce_Experience_v2.5.13.6.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\GeForce_Experience_v2.5.13.6.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\GoogleVoiceAndVideoSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\GoogleVoiceAndVideoSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\IO Psyc Contact Info 2015-2016.xlsx:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\IO Psyc Contact Info 2015-2016.xlsx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\mbam-setup-2.1.8.1057.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Metal Gear (USA).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\mirc743.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\mirc743.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\NeverendingNightmares-2.0.20854.msi:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\NeverendingNightmares-2.0.20854.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\nip01.wmv:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\nip01.wmv:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Notes for meeting with Ed and Toshio 01.18.16.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\PeerBlock-Setup_v1.2_r693.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\PeerBlock-Setup_v1.2_r693.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Rating Spreadsheet(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Rating Spreadsheet(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Rating Spreadsheet.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Rating Spreadsheet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\rcsetup152.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\rcsetup152.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\sanders-criminal-justice-on-fleek_5601692de4b00310edf889d8.htm:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Setup.X86.en-us_O365ProPlusRetail_48cef52b-eb95-4f1c-937a-ff5bd98b5aaf_TX_PR_.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Setup.X86.en-us_O365ProPlusRetail_48cef52b-eb95-4f1c-937a-ff5bd98b5aaf_TX_PR_.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\setup_galaxy_1.1.3.23.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\setup_galaxy_1.1.3.23.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\SkypeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\SkypeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\sm8-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\sm8-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\StartMenuX_Setup_5_6.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\StartMenuX_Setup_5_6.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\SteamSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\SteamSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\the_fish_fillets_v1_1.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\United Airlines Travis and Sarah.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\United_AO_Q10_Topic Cluster Check.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\vlc-2.2.1-win32.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\vlc-2.2.1-win32.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Yijin 9.23.15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Downloads\Yijin 9.23.15.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\7z1514-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\7z1514-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\DropboxInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\DropboxInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\Mkeezay29_Optimization_XML_v3.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\Mkeezay29_Optimization_XML_v3.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\New Skype.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\psy751_sylspring2016.doc:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\psy751_sylspring2016.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\TheWorse-Mod-10-maldo-[Guru3D.com].rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Kavin Hensersky\Documents\TheWorse-Mod-10-maldo-[Guru3D.com].rar:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1836779011-2011716686-380047477-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4789 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1836779011-2011716686-380047477-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kavin Hensersky\Desktop\Cards\Artwork\Summoning Song.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D521C7B2-C463-4BA3-B781-4FAEA209BFC7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F73B762C-965D-4CFD-A815-A07AE15BB977}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4FC65214-858E-4C0B-8B60-FE304B2485DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7CA0973F-6D64-49C5-95C8-B8A549EA183F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{09B1AFE4-8BCF-4BE8-A0E2-E2BADF339EE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2AF3917C-0827-4A74-A62B-9413954B89CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B375F8F-565C-4A65-8724-3052574EAF16}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7511CBA2-D7C1-4637-8366-B7D2E930F083}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{590C9721-E0E2-4C18-B038-D8E4B2618C0E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{772CA246-88BE-40FE-BB31-EA16CBDA132F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69A3FB96-CD93-46E3-9F8E-95D210353A88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BC42647-FCD9-4179-A879-EACB747A94DC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AEE5A5B4-AE3E-466B-B792-10C1B4D3FA8C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A4CCB804-4256-406C-9C25-5B9D62226983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{810C6BA6-6BDB-4783-8391-C7AB72FB22DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EDC36E21-00F1-44F6-B01A-0E89D92A1E03}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{0701BD0A-279D-4146-921F-B7D2FBDD3BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
FirewallRules: [{964B963B-5376-4E9C-A849-AE1A5B462ABE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards.exe
FirewallRules: [{E16D38F0-643A-4428-93B4-8A96691604F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blackguards\Blackguards.exe
FirewallRules: [{B4B5A497-4C78-4DC2-BFFF-972EADE21921}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{EE5C4009-F70F-4D64-9AF0-D6EC2E1DAFEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{55A3F269-B1AF-4C76-AA44-3F8403489070}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{20D731D7-7FE0-430F-B6CD-BA97CDB26286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{77CB2F91-21B3-4687-AEB4-14CC07185427}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{3D5AFC6B-EE95-4E93-8325-9AFFFFA35765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9AFE45C4-DD27-4330-9A80-954A800D24B0}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\Disconnect\Disconnect Desktop\\openvpn\bin\openvpn.exe
FirewallRules: [{DF7C5A85-DC33-4D0B-A703-61D13FC6FAC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{93EDB048-0A4F-45F2-BD23-EE6DF1BA8AB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpecOps_TheLine\Binaries\Win32\SpecOpsTheLine.exe
FirewallRules: [{C086C37E-1758-4426-8A79-0458CC8FEF56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{14C4AF12-BF04-4979-9518-481ED2B924A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{1E1E5DB4-447B-4A96-8249-38F2A2D90F6D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D5E29E37-9854-4B97-924B-4ACA138FE95D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{69854028-DF0A-47BB-A9EE-3743811A82C8}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{2BE2D5B4-AEE3-4AC2-AC38-862E5D43FD2B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{7E97B78A-7DDC-4314-969C-7B19F2AD1077}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{9687FB48-5072-436E-9F35-60B1A9B066C1}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{AD6A621E-DAD6-42DD-B43B-A682EFD33E9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{D946AE53-576C-4AC6-8676-EF672CD051DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{6DBE2B8D-B1C5-4DA7-A825-9E342A7806E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{6463B3CD-78AB-424C-B8A3-1BEDFE27CAE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{528CCC89-E9DD-4DD5-877A-BC37911A37FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E6A7F4D5-770F-4F4B-8BE5-2016DB5B8858}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6C4BD9D7-221E-4063-870B-5D4928989331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{BEBEE0E1-42F7-4CCB-B207-4AAA89145648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{FA0E2D61-ACF3-48FC-9FDF-70760468DF74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValdisStoryAbyssalCity\Valdis_Story_AC.exe
FirewallRules: [{91CAEF9A-A59A-469E-8DA3-E23270428644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ValdisStoryAbyssalCity\Valdis_Story_AC.exe
FirewallRules: [{255D8A6F-EDF4-45F5-948A-EAB6A5C5899B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{5C6A5BDF-1AFB-4149-8B49-57D77BF5FF19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [TCP Query User{0015F7CF-9857-487F-A058-051C93895DCD}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{B89D8D28-CF70-42A0-878D-F766EAED5EE4}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{4AFEB2C5-6870-45FA-ACC6-A395C00E9196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{21AE54C5-DD72-448F-B02E-A74F5EE96A26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{1AFB60DF-67FD-4AE1-B82E-5ECCCF50ECCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{28311582-3DD3-4C01-9A16-10BA03B84660}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{CFFCD699-A2C9-4D04-BA54-E59F5CDF13E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{458C0270-E038-441C-B2A6-8BA86316115D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{8BA5A6C6-F845-4981-BBC1-A9B69C8C7F23}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{73EFDDEF-9373-4588-BA16-6A672E5E7A0B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CCEC0A20-4BFA-4D78-9EA2-14939157B6F7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B33F4DDC-4E67-4988-B0BA-8EF76B77FF8A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{DB8B8752-7859-4983-9273-157FFA9262DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{30A8D03B-B73A-4E68-B841-944E85230D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9ACC9864-AD4C-41EC-A40F-9D0E1A37C338}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{DD9BB57C-1C9B-4DCF-8B63-0B494BDBCF0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F088FC8F-AB5F-4BF4-B785-434A8D357FB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{1D7055AD-8872-447A-94D3-85D7D1101469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{3180FE86-B30B-4600-ADDF-24936B499285}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{FDD25F7E-4A0C-4B0B-80B9-B9199A323E9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{B1362357-0C7A-4C94-BE03-96FBA8423734}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{338CF38B-36A5-4C13-89DD-52B3DC45185F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{3550638D-9513-4110-96BC-D35AC87BFB2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{7C7B6958-EF27-43A0-835C-EEEB2B2EA0EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{61098F73-DBBB-4B47-896B-4DD66CD2B540}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{5A597520-17CC-41A9-9547-C405356FD61F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{62D076C3-35BE-4D15-8FB3-57230D9E7657}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{FB919AF3-467B-4CBD-A311-68C6F529EEEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{3E1E7019-8018-4422-BBCC-D454B96F9830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{6505C9EE-22E3-4220-B6FE-78202CD58E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{2D281037-9972-49E4-B10D-0E6562CB762B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{C73ED4A8-7242-4F6A-918B-A5BD1A5E7DC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe
FirewallRules: [{CB24B8E5-CBE7-4600-BF76-F51D7002C161}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{02032F2F-A935-423F-924A-6748C80F162E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{C5DFBFE7-D75C-4986-B6D3-72702C390CA9}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7C7012CE-AE95-48B6-A4E5-E69EAF16392C}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AA6C970A-0A70-41B2-BB76-37E815A00CFD}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C4FF4313-F36E-4528-AC7E-C5C4BD5FFFBD}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{EA8F1A64-07DF-4A90-8382-8434083B5223}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3043EF21-F5A7-4236-BCFA-865BB72ED3A0}] => (Allow) C:\Users\Kavin Hensersky\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{AF754F18-3F93-40E3-A6D9-FD793F793F9F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9A61ACDB-DA0C-4CC3-AC15-692309CFB733}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{56C46399-CC46-41CE-879E-60B9A8B24AB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{18A5CCEF-2254-4471-8D92-EFC9C436086C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{1844185D-1BCF-4111-94DD-E57E6E30AD04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{F05E1C9B-A27A-4ECA-BBC0-E31C69410AE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe
FirewallRules: [{5E6F4EBC-CE9A-446D-86B3-5E5D8D0944F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{E007EE49-3935-4B03-908B-EA23FF825F4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{9256B2EA-112B-47CF-9815-FB8CED3794E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{2E5EAE18-22BE-437F-A720-B03F1DD82C51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [TCP Query User{451E94CD-66C5-47B3-8F3B-C1FE290A4C49}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{BEB71888-835C-42AA-805F-656DC68158AE}C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [TCP Query User{8B406558-9E05-46FC-9E10-B4D9748A22A0}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{25EEC892-9831-4E8F-99AD-46C920BDC684}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{5B28BBF0-581C-4A24-9B21-6C6E22BAD439}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dominions4\Dominions4.exe
FirewallRules: [{8B21D483-D70D-4BD3-91AA-DF74689543B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dominions4\Dominions4.exe
FirewallRules: [{D31194A3-DE4D-4187-BA34-9659998A02FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InvisibleInc\invisibleinc.exe
FirewallRules: [{E1F21537-5EE4-4AAD-8CE1-2AA0326CE26F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\InvisibleInc\invisibleinc.exe
FirewallRules: [{CAC212F2-08D7-4EDA-A094-CA79E9A19E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sad Story of Emmeline Burns\The Sad Story of Emmeline Burns.exe
FirewallRules: [{CA919AA2-FF55-451B-9230-1876DAF92E1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sad Story of Emmeline Burns\The Sad Story of Emmeline Burns.exe
FirewallRules: [{F139508A-F10F-4C77-9830-8AFCFFF79891}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tesla Effect\TeslaEffect.exe
FirewallRules: [{E45ABECD-7038-4729-A39D-681981727718}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tesla Effect\TeslaEffect.exe
FirewallRules: [{5F784F2E-6F56-4D94-A07D-B30AB9107C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{6E615C99-1390-4174-B02E-21DF3E672CAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe
FirewallRules: [{683EA9E0-76D1-4E8F-8D2C-CD0C4470D3A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{F58FA8F7-6458-4D40-AB9F-EB2FB225465E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{544BA37D-B2D2-4345-869D-6C062152D2A6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F61887E-8665-4FB4-9BC9-AB201A66465E}] => (Allow) LPort=2869
FirewallRules: [{3617EFB6-57CA-4E0C-8AD0-3DAE813C810E}] => (Allow) LPort=1900
FirewallRules: [{87A65016-3954-4A66-B11C-FFA1532FFFCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{640A1D99-C022-4C74-9B7A-39D58CE9E5ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5789250-1462-4DEA-AC7D-75B5AFFBF46C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E0EF4DD3-1716-4483-84AC-FEDA88EBE56B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{F1432F0E-F9B7-418D-A6C5-7924E9DA8E97}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E4DC773E-8A2C-4116-AAA8-41221CABB96E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{599CC5AD-A950-4E44-B86B-090D81BB590B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{6864557D-99C2-4893-8431-09AD2D574610}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{C364E89D-6853-46CB-8800-B4935AB443AA}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{D1D82AF8-34F8-4479-8673-C912302CD42D}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [TCP Query User{90F0D5BC-EB23-4D57-9408-69774EF61FA5}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{21506EAC-7CAF-4CEB-A5C3-D5BD2BD676C1}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [TCP Query User{1AF30180-5242-4331-BB03-853AA0FF74E1}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B3FA72BE-5BE0-456E-97C0-757A391FB5A3}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [{48400E4B-0907-4EC2-8F52-1C392B44E2FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9D64154B-6B72-4EAF-A595-6946362E3AC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{400A1BFE-86E7-43B6-9FAF-ED2ED87FE426}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{98F72B4A-C7C2-418A-8A45-A30D3E8D62CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{4B36A463-D0CE-4E03-8FB3-42ED1B01CAB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{AFD0232F-15E8-49F2-BB1F-8DCEF332029F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{54D5164F-3CB4-4B74-9CAF-CDA7B72D64E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{A298DFCA-41DF-412E-A6EB-B595C32C38F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Shogun 1 Gold\launcher\launcher.exe
FirewallRules: [{B87F75EF-C849-4108-A54B-67E8417774A3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

05-05-2016 03:54:19 Windows Update
06-05-2016 20:57:43 ASU_MSI_TRAN
11-05-2016 17:34:30 Windows Update
14-05-2016 15:00:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
14-05-2016 18:48:47 Installed League of Legends
14-05-2016 19:26:53 Removed League of Legends
14-05-2016 19:43:39 Installed League of Legends

==================== Faulty Device Manager Devices =============

Name: 802.11bgn 1T1R Wireless Adapter
Description: 802.11bgn 1T1R Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28ux
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2016 09:06:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BedroomDesktop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/14/2016 09:06:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: BedroomDesktop)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.

Error: (05/14/2016 08:17:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 46.0.1.5966 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b4c

Start Time: 01d1ae4478879dbb

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: d2f9877f-1a3a-11e6-8281-0008ca8a26e6

Faulting package full name:

Faulting package-relative application ID:

Error: (05/14/2016 07:45:44 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid

Error: (05/14/2016 07:43:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x4f8
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5

Error: (05/14/2016 07:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamService.exe, version: 4.1.2032.8372, time stamp: 0x5693fd09
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x828
Faulting application start time: 0xNvStreamService.exe0
Faulting application path: NvStreamService.exe1
Faulting module path: NvStreamService.exe2
Report Id: NvStreamService.exe3
Faulting package full name: NvStreamService.exe4
Faulting package-relative application ID: NvStreamService.exe5

Error: (05/14/2016 07:30:03 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid

Error: (05/14/2016 07:30:03 PM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid

Error: (05/14/2016 07:23:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RdrCEF.exe, version: 15.10.20056.36345, time stamp: 0x5674082f
Faulting module name: libcef.dll, version: 3.2454.2122.0, time stamp: 0x56719b63
Exception code: 0x80000003
Fault offset: 0x00189e09
Faulting process id: 0x102c
Faulting application start time: 0xRdrCEF.exe0
Faulting application path: RdrCEF.exe1
Faulting module path: RdrCEF.exe2
Report Id: RdrCEF.exe3
Faulting package full name: RdrCEF.exe4
Faulting package-relative application ID: RdrCEF.exe5

Error: (05/14/2016 07:20:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamService.exe, version: 4.1.2032.8372, time stamp: 0x5693fd09
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x864
Faulting application start time: 0xNvStreamService.exe0
Faulting application path: NvStreamService.exe1
Faulting module path: NvStreamService.exe2
Report Id: NvStreamService.exe3
Faulting package full name: NvStreamService.exe4
Faulting package-relative application ID: NvStreamService.exe5


System errors:
=============
Error: (05/14/2016 11:07:29 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (05/14/2016 11:05:18 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/14/2016 11:02:56 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 11:02:56 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 11:02:40 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 11:02:40 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 10:58:04 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 10:58:04 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 10:56:38 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/14/2016 10:56:38 PM) (Source: DCOM) (EventID: 10005) (User: BedroomDesktop)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2016-02-12 17:55:13.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 06:42:02.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 16:14:38.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 13:38:17.404
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 13:06:34.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 12:55:29.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-07 12:10:56.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-03 12:15:21.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-03 12:07:33.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-03 09:55:17.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 8191.17 MB
Available physical RAM: 4920.82 MB
Total Virtual: 16383.17 MB
Available Virtual: 13253.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.07 GB) (Free:229.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 700C8E2E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

CheckResults.txt

Edited by Trav
Update
Link to post
Share on other sites

Thanks for the logs (although we do prefer that they be ATTACHED, rather than pasted inline).:)

There's quite a lot going on with this system.

I've asked more qualified and expert forum folks to take a look and to advise you further.

Please be patient, as it's the weekend.  Someone will help you as soon as possible.

Thank you,

 

Link to post
Share on other sites

Greetings,

I have attached the logs as you requested.

Have the rules in regards to how files are to be handled changed? I ask because I was following the instructions in the diagnostic logs instructions verbatim, in which it states:

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

For future reference, should I disregard those points and only ever provide attachments? Or is this a matter of the size of logs / Should be tailored to the individual I am receiving aid from?

Thanks for your time,
~Trav

Scans.zip

Edited by Trav
Grammar
Link to post
Share on other sites

Hi:

Thanks for pointing that out.

It depends - some/many helpers/staff prefer that they be attached.  It is easier for us/them to work with the logs as *.txt attachments.
As @AdvancedSetup would the one to help you here in this sub-forum, I specifically asked HERE that they be attached, as I know that is his preference.:)

They needed to be re-run anyway, in Windows Normal Mode, rather than Safe Mode. So I hope it was not too much trouble for you.

It's not a big deal for us.
We're just asking that you help us to help you in the most efficient way possible.
(To that end, there is no need to zip/archive the logs, either.  Attaching the 3 native *.txt files normally suffices. The 3 files are FRST.txt, Addition.txt and CheckResults.txt.  Unless the file is too large or unless one's helper specifically requests a "zip" or other archived/compressed file, there's no need to go through that extra step for you or for the helper to unzip them.)

Please wait for @AdvancedSetup to assist you.

Thank you again.

Link to post
Share on other sites

  • Root Admin

The logs indicate some minor things that I'd personally probably recommend removal or updates for but certainly not for the issues you're experiencing.

+I recently ran chkdsk on reboot to fix damaged indexes. During the process, the system BSOD's multiple times with the error CRITICAL_SERVICE_FAILED before finally finishing the process and restarting normally.

It is nearly impossible to have an error during the CHKDSK process. I'm not saying it's not possible only that in 20 years of computer support I've never had chkdsk crash without there being some type of hardware issue. There are many reports and concerns about the installation or validity of the Windows install but Autochk.exe is run on the system volume when called by Chkdsk.exe by the Windows Session Manager during operating system initialization which can take the volume offline to repair and thus in general is not dependent on the Windows installation for the most part. Obviously if the Windows OS is so corrupted files cannot be located or disk structure has become corrupted then the checking utility as well can run into issues running.

I would recommend that you check the hard drive for possible failure or impending failure. Check in your Device Manager to see what type of disk you have and then get a utility from the Manufacturer to test the drive.

The following website has some information on it but is getting old and may not be up to date. If you need further assistance in finding the right tool to test please let me know.

http://www.tacktech.com/display.cfm?ttid=287

If the disk passes all tests then I would recommend trying a full disk check again and make sure it does not fail this time.

From an elevated Admin command prompt you can run

CHKDSK   C:  /R

Then press Y to run after restart and restart the computer to let it run.

Once we're sure the disk is okay we can look at some minor clean up if wanted.

On a separate note about software found in your logs. This software is not the cause of any of you're issues that I'm aware of. Only pointing out possible integrity of the company behind it.

 

The company behind this product was found to be stealing the MBAM database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed, your malware helper can help you remove it.

 


Thanks

 

 

Edited by AdvancedSetup
Link to post
Share on other sites

Greetings,

I preformed several disk checks, one with the manufacturers software, and the others with some 3d party tools I like to use to look at system health. Screen shots of tools are listed below. Checkdsk was then run, and began a complete sweep of the drive on reboot. I fell asleep at this point, so if it crashed I am unaware. It had loaded the user login page upon my waking, however. My problems unfortunately persisted. I decided to start uninstalling potentially conflicting programs. Both Avast and I-Obit have been shown to conflict with League in the past, so I started with them. Uninstallation of both programs had no impact on the observed issues in a normal boot.

After this point, I noticed in the Resource manager that the wait chains for both of the processes outside of safe mode were returning a "waiting for I/O" errors, which lead me to believe there may be some service/startup/software level conflicts either with OS elements or with other processes. In Safe Mode, I disabled all services that do not run in Safe Mode with networking. On normal reboot the inability to load League or Firefox remained due to the same WaitChain errors. However, it seems the graphics card driver is still running on reboot, I'm not sure how that would be at all related to the network failures, but maybe that is the problem?

In spite of this procedure, the problem still persists within a normal windows boot. This lead me to suspect system files may have been corrupted that are forced to run in normal mode but not run in safemode, so I ran the SFC in safe mode. Errors were found and repaired, but not all errors were repaired. I have included the relevant logs from CBS as an attached text file. I was unable to run a SFC on reboot due to unfamiliarity with the syntax for the command.

Any and all advice in how I might proceed would be appreciated.

Thanks for your time,
~Trav

Manufacturer Logs

Western Digital QuickTest Results.png

Western Digital ExtendedTest Results.png

 

3rd Party Logs

HDTune SMART Report

DiskTest.png

HDTune Sector Check
SectorTest.png

HDTune Readspeed Test

5-min Readspeed test.png

Seagate General Drive Stress Test

ThirdPartyTest.png

 

Observed Waitchains
WaitChain - Firefox.jpg

WaitChain - LoL.jpg
 

CBS.log

Edited by Trav
Link to post
Share on other sites

  • Root Admin

I'm sorry. I thought I had replied before but looks like I probably closed all my browser windows to go home before I hit the send button. Since the drive appears to be okay let's go ahead then and scan it for possible junk or threats to clean up.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 

Link to post
Share on other sites