PDA

View Full Version : Pop-ups, redirects and slow computer



rune1990
2015-06-14, 23:26
Hi there, trying to fix my daughters slow computer. It's been getting very bad lately, not even able to connect to the internet sometimes.

Sorry, having to post this in two parts, its too big for just the one.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sollux Captor (administrator) on CASSY-PC on 14-06-2015 13:52:30
Running from C:\Users\Cassy\Desktop
Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
() C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(WN) C:\Program Files (x86)\Wordinator_1.10.0.17\Service\wsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\ControlThis Parental Control\CloudNATIONAL.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
() C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-07-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-07-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-07] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-22] (COMODO)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-07] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2015-02-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-10] (Google Inc.)
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-06-11] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-03-09]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-07] ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
SearchScopes: HKU\S-1-5-21-3775124505-4180658665-910221950-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-3775124505-4180658665-910221950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45A70356-416B-4B42-8DB5-E3519E992D34}: [NameServer] 81.218.119.5,82.163.142.130
Tcpip\..\Interfaces\{B2A0856A-8ECE-4677-89A0-7FBDCE102A88}: [NameServer] 81.218.119.5,82.163.142.130

FireFox:
========
FF ProfilePath: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3775124505-4180658665-910221950-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF SearchPlugin: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\searchplugins\google-avast.xml [2014-12-12]
FF Extension: NoScript - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-21]
FF HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-14]
CHR Extension: (Avast Online Security) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-03] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-31] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-31] (Microsoft Corporation)
S2 cae99edb; c:\Program Files (x86)\Super Optimizer\SupOptStats.dll [3117104 2015-06-11] ()
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-09] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-22] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-22] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-06-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
R2 wsvc_1.10.0.17; C:\Program Files (x86)\Wordinator_1.10.0.17\Service\wsvc.exe [278616 2015-06-11] (WN)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-21] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126720 2015-04-01] (COMODO)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
R1 wfd_1_10_0_17; C:\Windows\System32\drivers\wfd_1_10_0_17.sys [58240 2015-06-03] (WN)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 13:52 - 2015-06-14 13:54 - 00023299 _____ C:\Users\Cassy\Desktop\FRST.txt
2015-06-14 13:52 - 2015-06-14 13:53 - 05198336 _____ (AVAST Software) C:\Users\Cassy\Desktop\aswMBR.exe
2015-06-14 13:49 - 2015-06-14 13:52 - 00000000 ____D C:\FRST
2015-06-14 13:46 - 2015-06-14 13:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CASSY-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-14 13:40 - 2015-06-14 13:40 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-14 13:40 - 2015-06-14 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-14 13:35 - 2015-06-14 13:35 - 02109952 _____ (Farbar) C:\Users\Cassy\Desktop\FRST64.exe
2015-06-14 13:33 - 2015-06-14 13:35 - 04720448 _____ C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe
2015-06-14 13:18 - 2015-06-14 13:18 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\One System Care
2015-06-14 13:11 - 2015-06-14 13:11 - 00003238 _____ C:\WINDOWS\System32\Tasks\RPC
2015-06-14 13:09 - 2015-06-14 13:22 - 00000310 _____ C:\WINDOWS\Tasks\One System CareStartUp.job
2015-06-14 13:09 - 2015-06-14 13:17 - 00000310 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2015-06-14 13:09 - 2015-06-14 13:09 - 00002876 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2015-06-14 13:09 - 2015-06-14 13:09 - 00002580 _____ C:\WINDOWS\System32\Tasks\One System CareStartUp
2015-06-14 13:09 - 2015-06-14 13:09 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\VOPackage
2015-06-14 13:09 - 2015-06-14 13:09 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-06-14 13:09 - 2015-06-14 13:09 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\15586344-1434301786-E111-984C-DC0EA1FBF0C7
2015-06-14 13:08 - 2015-06-14 13:09 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-06-14 13:08 - 2015-06-14 13:08 - 00003342 _____ C:\WINDOWS\System32\Tasks\One System Care Run Delay
2015-06-14 13:08 - 2015-06-14 13:08 - 00003276 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-06-14 13:08 - 2015-06-14 13:08 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-06-14 13:08 - 2015-06-14 13:08 - 00001030 _____ C:\Users\Cassy\Desktop\GUPlayer.lnk
2015-06-14 13:08 - 2015-06-14 13:08 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-06-14 13:08 - 2015-06-14 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
2015-06-14 13:08 - 2015-06-14 13:08 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-06-14 13:07 - 2015-06-14 13:08 - 00000000 ____D C:\Program Files (x86)\ControlThis Parental Control
2015-06-14 13:07 - 2015-06-14 13:07 - 00026434 _____ C:\WINDOWS\System32\Tasks\CloudNATIONAL
2015-06-14 13:07 - 2015-06-14 13:07 - 00001220 _____ C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
2015-06-14 13:07 - 2015-06-14 13:07 - 00001042 _____ C:\Users\Cassy\Desktop\PepperZip.lnk
2015-06-14 13:07 - 2015-06-14 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
2015-06-14 13:07 - 2015-06-14 13:07 - 00000000 ____D C:\Program Files (x86)\Reg Pro Cleaner
2015-06-14 13:06 - 2015-06-14 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-06-14 13:06 - 2015-06-14 13:07 - 00000000 ____D C:\Program Files (x86)\PepperZip
2015-06-14 13:06 - 2015-06-14 13:06 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-06-14 13:06 - 2015-06-14 13:06 - 00000000 ____D C:\Program Files\13
2015-06-14 13:06 - 2015-06-14 13:06 - 00000000 ____D C:\Program Files\015
2015-06-14 13:05 - 2015-06-14 13:05 - 00001739 _____ C:\Users\Cassy\Desktop\Continue Microsoft PowerPoint.lnk
2015-06-14 13:04 - 2015-06-14 13:04 - 00670816 _____ ( ) C:\Users\Cassy\Downloads\Microsoft PowerPoint.exe
2015-06-13 17:17 - 2015-06-09 17:20 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-13 17:17 - 2015-06-09 17:20 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 15:31 - 2015-06-14 13:28 - 00003280 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2015-06-11 15:31 - 2015-06-11 15:31 - 00000000 ____D C:\Users\Cassy\Documents\Super Optimizer
2015-06-11 15:31 - 2015-06-11 15:31 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Super Optimizer
2015-06-11 15:25 - 2015-06-14 13:28 - 00003116 _____ C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-06-11 15:24 - 2015-06-11 15:24 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Nico Mak Computing
2015-06-11 15:22 - 2015-06-14 12:49 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\Program Files (x86)\Wordinator_1.10.0.17
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector
2015-06-11 15:22 - 2015-03-17 11:03 - 00020480 _____ C:\WINDOWS\system32\wsusnative64.exe
2015-06-11 15:16 - 2015-06-11 15:17 - 00736552 _____ (Web Application ) C:\Users\Cassy\Downloads\Malavida_Download_Manager(1).exe
2015-06-11 15:05 - 2015-06-14 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-10 03:30 - 2015-06-10 03:45 - 00000000 ____D C:\6b423640a31629c8fbf21cb2
2015-06-09 17:30 - 2015-06-09 17:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 17:30 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 17:24 - 2015-06-09 17:24 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 17:20 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 17:20 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 17:20 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 17:20 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 17:20 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 17:13 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 17:13 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 17:13 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 17:13 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 17:13 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 17:13 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 17:13 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 17:13 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 17:13 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 17:13 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 17:13 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 17:13 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 17:13 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 17:12 - 2015-06-09 17:13 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 17:12 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 17:12 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 17:10 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-03 13:06 - 2015-06-03 13:06 - 00058240 _____ (WN) C:\WINDOWS\system32\Drivers\wfd_1_10_0_17.sys
2015-05-30 18:42 - 2015-04-21 20:37 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-19 14:56 - 2015-05-19 14:56 - 11408411 _____ C:\Users\Cassy\Desktop\Brockville Tourism.rar
2015-05-19 14:55 - 2015-05-18 16:31 - 11408330 _____ C:\Users\Cassy\Desktop\Brockville Tourism.odp
2015-05-16 19:09 - 2015-05-16 19:09 - 00000000 ____D C:\Users\Cassy\AppData\Local\CrashDumps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 13:48 - 2012-07-07 06:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-14 13:46 - 2014-04-02 02:09 - 01383140 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-14 13:45 - 2013-01-16 23:03 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3775124505-4180658665-910221950-1001
2015-06-14 13:40 - 2014-03-29 19:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-14 13:32 - 2014-04-02 16:01 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F252FFC-BBA2-4DB2-9694-0C83F154B9BB}
2015-06-14 13:32 - 2013-01-03 13:45 - 00000000 ____D C:\Users\Cassy\AppData\Local\Adobe
2015-06-14 13:24 - 2012-07-07 07:01 - 01359738 _____ C:\WINDOWS\system32\fastboot.set
2015-06-14 13:24 - 2012-07-07 06:57 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-14 13:24 - 2012-07-07 06:43 - 00000000 ____D C:\ProgramData\VeriFace
2015-06-14 13:22 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-14 13:22 - 2012-12-25 21:57 - 00548404 _____ C:\FaceProv.log
2015-06-14 13:21 - 2013-08-22 10:46 - 00450289 _____ C:\WINDOWS\setupact.log
2015-06-14 13:17 - 2014-03-29 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-14 13:17 - 2013-11-14 03:20 - 01057778 _____ C:\WINDOWS\PFRO.log
2015-06-14 13:11 - 2014-11-14 18:21 - 00067500 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-14 13:11 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 13:10 - 2012-12-25 19:47 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Skype
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieUserList
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieSiteList
2015-06-14 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-13 20:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-13 17:15 - 2013-08-22 10:44 - 05047064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:10 - 2014-12-14 11:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:10 - 2014-07-12 15:12 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:10 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 15:13 - 2014-02-27 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 15:12 - 2012-07-07 06:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-11 15:08 - 2013-11-14 03:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-11 15:07 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-10 03:51 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 03:45 - 2014-03-04 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 03:30 - 2013-02-20 20:54 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 00:54 - 2012-07-07 06:57 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 17:24 - 2013-11-14 03:23 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-09 13:41 - 2014-03-29 19:03 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-03 19:22 - 2014-09-22 15:24 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-05-31 18:38 - 2014-02-09 11:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-30 20:25 - 2014-04-02 01:44 - 00000000 ____D C:\Users\Cassy
2015-05-30 18:43 - 2014-11-16 11:47 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-30 18:42 - 2014-09-21 21:14 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-05-30 18:34 - 2014-09-22 15:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-05-30 18:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-05-30 18:34 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-30 18:34 - 2013-06-23 17:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-30 18:34 - 2012-12-25 21:59 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-05-30 18:34 - 2012-12-25 10:04 - 00000000 ____D C:\ProgramData\Energy Management
2015-05-30 18:34 - 2012-07-07 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-30 18:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-05-17 04:43 - 2012-07-07 06:57 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 04:43 - 2012-07-07 06:57 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 21:42 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-15 18:34 - 2014-03-01 19:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-15 18:34 - 2014-03-01 19:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 18:32 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(22)
2015-05-15 18:30 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-15 18:29 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2014-02-23 11:51 - 2014-03-24 15:51 - 0000089 _____ () C:\Users\Cassy\AppData\Roaming\WB.CFG
2014-07-23 18:22 - 2014-09-14 18:35 - 0196608 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gdb
2014-07-23 18:22 - 2014-09-14 18:35 - 1092180 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gss
2013-08-08 19:04 - 2013-08-08 19:04 - 0000218 _____ () C:\Users\Cassy\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Cassy\AppData\Local\Temp\dlLogic.exe
C:\Users\Cassy\AppData\Local\Temp\spstub.exe
C:\Users\Cassy\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-06 04:28

==================== End of log ============================

ken545
2015-06-15, 16:10
:snwelcome:

There should be an Additions log when you ran FRST, it will be on your desktop, post it please

rune1990
2015-06-15, 18:43
Sorry, I couldn't fit it all in one and didn't want to mess up by posting twice on my own thread before someone was able to have a look :)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sollux Captor at 2015-06-14 13:58:52
Running from C:\Users\Cassy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3775124505-4180658665-910221950-500 - Administrator - Disabled)
Guest (S-1-5-21-3775124505-4180658665-910221950-501 - Limited - Disabled)
Sollux Captor (S-1-5-21-3775124505-4180658665-910221950-1001 - Administrator - Enabled) => C:\Users\Cassy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: COMODO Antivirus (Disabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.0.213 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Autodesk SketchBook Express 6.0.1 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.01.0000 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions Ã* distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlThis Parental Control version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.ControlThis.co)
coupoon (HKLM\...\13) (Version: 2.0.1 - coupoon) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeekBuddy (HKLM\...\{266FA04F-F0FA-4F7A-AA1E-387A57F579F2}) (Version: 4.19.131 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.00.00.1 - OneSystemCare)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PepperZip 2.0 (HKLM-x32\...\PepperZip) (Version: 2.0 - PepperWare Co.Ltd.) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Reg Pro Cleaner version 2.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDF5099}_is1) (Version: 2.0 - Regprocleaner)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skypeâ„¢ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.3) (Version: 2.0.3 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.3 - Sparkol) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFF 0.31 (HKLM-x32\...\WinFF_is1) (Version: - BiggMatt Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.15248 - WinZip International LLC)
Wordinator 1.10.0.17 (HKLM-x32\...\Wordinator_1.10.0.17) (Version: 1.10.0.17 - Wordinator)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3775124505-4180658665-910221950-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points =========================

28-05-2015 17:11:49 Scheduled Checkpoint
30-05-2015 18:09:47 Restore Operation
08-06-2015 05:43:32 Scheduled Checkpoint
11-06-2015 06:50:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-04-23 21:46 - 00450042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FD72E0-B7F5-4481-9E32-AB153D85EB87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B463A0A-17A0-4650-AED7-03D2E8EEA61A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {104291FF-B9B0-44A7-A256-278554C176A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1A0CEFF4-C5AA-4604-9F10-13B6F4C27205} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-22] (COMODO)
Task: {1E140FA9-B1A4-4B9F-858E-725768F347C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2832FD8D-C835-4C18-A1AD-75D7DCFCF79B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rune1990@live.ca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {296F877A-5327-443B-BF69-872E91335096} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {2DEF782B-D8BE-4894-B504-B5DFFDE59BDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {37259E39-5F2A-4337-B380-09A4FA91EFC2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4C55C545-946E-4194-B536-254315987D22} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {640F5D1C-CF6F-4A47-8DDC-4C4F0F33D691} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-22] (COMODO)
Task: {64981D5F-BEBE-4F0E-B446-E92665F8B85E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {69D4A224-5C90-4079-B41F-B4828209B079} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-21] (Avast Software s.r.o.)
Task: {6A07E41D-F757-4D5C-9390-F9487E70C798} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6E482111-D9BD-43A5-AE3B-E82D9C3A105E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {7014F7AD-A234-48B4-9BF3-A9A76EA55D99} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-14] (Microsoft Corporation)
Task: {7C0036E9-069A-4F40-976F-5F47C4F37D44} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-06-14] ()
Task: {835E7E47-7452-42A4-BC25-1E2FBFC9D470} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-06-11] (Nico Mak Computing)
Task: {852E483A-C9BB-4D32-9F80-D2E65FD4B8BA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-22] (COMODO)
Task: {86BED227-9352-4481-A62F-65DC94099715} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8832F513-8E63-4838-BE4E-5F7E958A23B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8A01650D-B411-4543-9066-9C831AA659AE} - System32\Tasks\One System CareStartUp => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-06-14] ()
Task: {8D188661-AB09-44C3-BE9E-2CA8A9871CD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {8EE55EA4-FA9C-4E58-9DEE-32CDD918A61B} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-06-14] ()
Task: {8F867ECB-C842-405B-A5DF-A9B92EAEC00C} - System32\Tasks\{3156708E-5FAA-47EF-8BC2-B06DB0E1FFC7} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {9344402E-D270-4F6C-AF87-5ED4742B662E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9A0AC698-B752-4229-804A-3B3EF46DF35C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A331127C-BE50-4169-9E22-7166FE01E29C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A3950791-FCCE-4972-A085-CE0BFFF01425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {A6FF5E53-264B-42BC-BE8E-9A443B06B3BA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AD37A6B8-5CC4-4029-9053-9A6522A1ECE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B0C6DB0D-50FF-49EE-8A4B-D9813EA39CCB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B20AB872-D29A-4C61-A0B7-359F5BABCC53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B7FD7B23-8BFA-430C-938C-36510D68067D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BB31DCC1-EFC4-49DE-8146-63B81F79654C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {BC260A64-8CB4-4A5F-A864-BEBADA69E2D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C045A651-C0D9-409C-A123-AA02A9E29399} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {C09C23D2-0AFF-422C-971D-775973DE028E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C2DFD5E6-FAE9-41D3-976B-D85CD810234E} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-06-11] () <==== ATTENTION
Task: {C4907BFF-3E85-4F43-A836-DF4BF6C63375} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {C6D444CE-202E-41AF-B8C8-E85B2F7206F2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7511D35-7538-4331-AEA4-CD9870D8949A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C7557BA0-5A1C-40E9-9163-3775719C3BCA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C860CB65-7A3D-4E3D-A9A6-75DB3C0A6BDC} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-06-14] ()
Task: {CBA807A4-31E8-4E90-9BE6-DD537452AA06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-22] (COMODO)
Task: {D07F8FDC-1CCE-4F14-B680-D86C144CA2D8} - System32\Tasks\RPC => C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe [2015-05-13] () <==== ATTENTION
Task: {D309F93E-2C83-47D1-B7D6-72F7D22E4B44} - System32\Tasks\CloudNATIONAL => C:\Program Files (x86)\ControlThis Parental Control\CloudNATIONAL.exe [2015-06-14] ()
Task: {D523D4C3-2647-4570-956D-8E296F7BFFD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E525F02D-E54D-4216-BA7B-A818A9A47231} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-22] (COMODO)
Task: {E53C706F-7980-48A7-8109-3061E58DA8F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {E8AE15AA-4ED3-4E2F-BD9E-8FAC5C7E44F0} - System32\Tasks\{0D8FE54C-72F8-41EA-AB72-057B02AA7191} => pcalua.exe -a C:\Users\Cassy\Desktop\PaintToolSAI\sai.exe -d C:\Users\Cassy\Desktop
Task: {E9D0919E-020C-423A-8EA9-BB6CD634D4D0} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-22] (COMODO)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\WINDOWS\Tasks\One System CareStartUp.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-05-12 11:57 - 2015-06-14 13:08 - 00483648 _____ () C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
2013-07-31 22:36 - 2013-07-31 22:36 - 03359088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2014-12-25 07:49 - 2014-12-25 07:49 - 00121344 _____ () C:\Program Files (x86)\PepperZip\shell\PPZShellExtension_x64.dll
2015-04-07 05:12 - 2015-06-14 13:06 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2013-04-15 18:39 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-06-11 15:22 - 2015-06-11 15:22 - 00951344 _____ () C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe
2008-12-20 06:20 - 2012-07-07 07:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 16:06 - 2012-07-07 07:00 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2013-07-05 14:20 - 2012-11-14 08:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2008-12-20 06:20 - 2012-07-07 06:59 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-06-14 13:07 - 2015-06-14 13:08 - 00534528 _____ () C:\Program Files (x86)\ControlThis Parental Control\CloudNATIONAL.exe
2015-06-14 13:07 - 2015-05-13 15:54 - 01497040 _____ () C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe
2015-06-14 13:07 - 2015-05-13 15:54 - 00014848 _____ () C:\Program Files (x86)\Reg Pro Cleaner\en\Regprocleaner.resources.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-21 20:35 - 2015-04-21 20:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-13 15:36 - 2015-06-13 15:36 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061301\algo.dll
2015-06-11 15:22 - 2015-06-11 15:22 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2015-06-11 15:22 - 2015-06-11 15:22 - 01717960 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-05-21 18:03 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-21 18:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdocl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coinst_13.251.9001.1001.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenVideo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OVDecode64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID

rune1990
2015-06-15, 18:44
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenVideo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OVDecode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\tumblr_n3ho4gjA091qktgxso1_1280.png:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\Malavida_Download_Manager(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\Malavida_Download_Manager(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\Malavida_Download_Manager.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\Malavida_Download_Manager.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\Microsoft PowerPoint.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\Microsoft PowerPoint.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\Office_2013_EN.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\spybot-2.4.exe.part:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 81.218.119.5 - 82.163.142.130

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\StartupFolder: => "nnfflllt.lnk"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "nnfflllt"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{90C8FD93-8CA0-44CC-BEBB-8F04AA96C654}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{E8E0F5E1-5411-4DAE-BA30-078FB3DB87A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1A5BC594-3E42-4FC4-B8F2-3CFE9920339F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{0B3FA924-0A3B-44B6-847A-1E98AF1A2814}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3CA0F7EE-055C-4BAA-9F00-FDF2FEE3C917}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7B6A0852-1125-4998-922F-0DC9887D9D0C}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{CECD2451-F4CA-4C9C-83B6-A88FDE2D2EC8}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{55BB23C6-F4DF-4B21-8307-E2D75D019D14}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
FirewallRules: [{48E6E930-E62D-4153-93B0-3BF0079CB0ED}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
FirewallRules: [{181F99B9-A961-48AA-B7D2-E8EF9E2BB89F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FC3CC8E9-CC9E-4183-9D1E-E83CE53C3140}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4C4349CA-C49E-4FCF-B6A5-4956ACEBBDAB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CFAE0B6A-803E-4670-8AAF-71E86BDBDEBE}] => (Allow) LPort=2869
FirewallRules: [{8DAB111B-0FD6-4599-9914-386375D29197}] => (Allow) LPort=1900
FirewallRules: [{9E19D17F-F1D5-4489-BD2B-165758D3FD6A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{050976CF-DDF8-4658-A768-A77ED0852D15}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{56950948-101D-4358-A989-CE70D785B52A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B94C1C5A-5EA5-4108-BA72-DF4ED7234084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A054E8CC-D6E5-494C-A413-14F7763DF69D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{4FA77159-96F3-4514-BA96-A0E35607ADCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{99286920-640E-42E2-BB0E-11D2AB26ECE8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{82FA0BEF-C6EB-42C4-A024-09228D704C2B}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{4B1B5B03-7554-458D-919F-770525DEA53D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F078BE23-B1C7-4B98-853C-E5B53B884054}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{74F78ED1-D17C-485C-848C-5C106FA96434}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08EAFC25-1D2D-433A-BAC0-5C06D12CE23B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A8FD5DB-0DFD-428E-8B04-E5802A2A8AC6}] => (Allow) LPort=8317
FirewallRules: [{E29EBDD2-EEAA-4242-994E-E99307A29EF0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{813DA85A-6EF4-45C8-B2F0-E4EFBF89F053}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6346685-FCDC-49B2-9E67-F2C221380C7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2015 01:22:58 PM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: The service process could not connect to the service controller

Error: (06/12/2015 04:57:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/12/2015 04:57:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/11/2015 06:54:25 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/11/2015 06:53:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/11/2015 06:53:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/10/2015 03:18:13 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/09/2015 04:44:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/09/2015 04:44:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/07/2015 05:49:18 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0


System errors:
=============
Error: (06/14/2015 01:22:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.

Error: (06/14/2015 01:21:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (06/14/2015 01:21:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (06/14/2015 01:20:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DcomLaunch service.

Error: (06/14/2015 01:20:18 PM) (Source: DCOM) (EventID: 10010) (User: Cassy-PC)
Description: {C288AC5A-D846-4696-8028-2DF6F508D0D9}

Error: (06/14/2015 01:20:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

Error: (06/14/2015 01:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2015 01:18:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Conexant Audio Message Service service terminated with the following error:
%%2147500053

Error: (06/14/2015 01:18:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SuperOptimizer Stats service to connect.

Error: (06/14/2015 01:11:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062


Microsoft Office:
=========================
Error: (06/14/2015 01:22:58 PM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
Description: The service process could not connect to the service controller

Error: (06/12/2015 04:57:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/12/2015 04:57:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/11/2015 06:54:25 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/11/2015 06:53:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/11/2015 06:53:14 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/10/2015 03:18:13 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/09/2015 04:44:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/09/2015 04:44:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/07/2015 05:49:18 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0


CodeIntegrity Errors:
===================================
Date: 2015-06-14 13:55:45.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-14 13:30:11.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-14 13:21:59.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-14 13:17:27.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-14 13:04:45.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-14 12:48:53.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 17:15:33.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 15:22:14.979
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 09:19:48.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-13 03:17:25.504
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3689.36 MB
Available physical RAM: 1879.8 MB
Total Pagefile: 7401.36 MB
Available Pagefile: 4651.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:252.89 GB) (Free:172.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:23.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AF23A0F5)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of log ============================

rune1990
2015-06-15, 18:47
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-06-14 15:18:32
-----------------------------
15:18:32.672 OS Version: Windows x64 6.2.9200
15:18:32.673 Number of processors: 2 586 0x200
15:18:32.676 ComputerName: CASSY-PC UserName:
15:18:34.261 Initialize success
15:18:34.347 VM: initialized successfully
15:18:34.351 VM: Amd CPU supported virtualized
15:18:41.236 AVAST engine defs: 15061301
15:19:00.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
15:19:00.567 Disk 0 Vendor: WDC_WD3200BPVT-24JJ5T0 01.01A01 Size: 305245MB BusType: 11
15:19:00.753 Disk 0 MBR read successfully
15:19:00.767 Disk 0 MBR scan
15:19:00.783 Disk 0 Windows 7 default MBR code
15:19:00.839 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
15:19:00.873 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 258963 MB offset 411648
15:19:00.934 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26080 MB offset 530767872
15:19:00.960 Disk 0 Partition 4 00 12 Compaq diag NTFS 20001 MB offset 584179712
15:19:01.042 Disk 0 scanning C:\WINDOWS\system32\drivers
15:19:21.912 Service scanning
15:20:05.419 Modules scanning
15:20:05.448 Disk 0 trace - called modules:
15:20:05.479 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
15:20:05.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d01cc060]
15:20:05.514 3 CLASSPNP.SYS[fffff8000cb94170] -> nt!IofCallDriver -> \Device\00000028[0xffffe000cfd89060]
15:20:06.947 AVAST engine scan C:\WINDOWS
15:20:11.857 AVAST engine scan C:\WINDOWS\system32
15:29:04.516 AVAST engine scan C:\WINDOWS\system32\drivers
15:29:50.024 AVAST engine scan C:\Users\Cassy
15:41:27.154 File: C:\Users\Cassy\AppData\Local\Temp\n134\winfixpro_0501SY-7195474e.exe **INFECTED** Win32:Dropper-gen [Drp]
15:45:32.148 AVAST engine scan C:\ProgramData
15:50:04.524 File: C:\ProgramData\Comodo\Cis\Quarantine\data\{BD723316-6FBE-4823-8896-E5DFE3C5062D} **INFECTED** Win32:Dropper-gen [Drp]
15:56:21.007 Disk 0 statistics 4580781/0/0 @ 1.66 MB/s
15:56:21.079 Scan finished successfully
15:59:18.180 Disk 0 MBR has been saved successfully to "C:\Users\Cassy\Desktop\MBR.dat"
15:59:18.197 The log file has been saved successfully to "C:\Users\Cassy\Desktop\aswMBR.txt"

ken545
2015-06-15, 21:10
Lets run these programs and go from there, be sure to post the log from each one




-AdwCleaner-by Xplode


Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) To your Desktop
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers




Do not click on any links in the top Advertisment.


http://i24.photobucket.com/albums/c30/ken545/AdwCleaner4.201_zpsxrbk2llq.jpg (http://s24.photobucket.com/user/ken545/media/AdwCleaner4.201_zpsxrbk2llq.jpg.html)




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.






===============================================================================




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.








===============================================================================


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop. <---------




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"





http://i24.photobucket.com/albums/c30/ken545/MBAM2010601022_zpsyvzbaddn.jpg (http://s24.photobucket.com/user/ken545/media/MBAM2010601022_zpsyvzbaddn.jpg.html)




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

rune1990
2015-06-19, 02:28
Here's the scan results from the ADW scan and clean. Working on the other scans right now and will post them soon, sorry for the delay.

# AdwCleaner v4.206 - Logfile created 18/06/2015 at 17:54:19
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Sollux Captor - CASSY-PC
# Running from : C:\Users\Cassy\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : lxqvbcbiws32
[#] Service Deleted : cae99edb

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AdTrustMedia
Folder Deleted : C:\ProgramData\8220e809cb04b415
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
Folder Deleted : C:\Program Files (x86)\PepperZip
Folder Deleted : C:\Program Files (x86)\WinZip Malware Protector
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Program Files (x86)\GUPlayer
Folder Deleted : C:\Program Files (x86)\ControlThis Parental Control
Folder Deleted : C:\Program Files (x86)\OneSystemCare
Folder Deleted : C:\Program Files (x86)\Wordinator_1.10.0.17
Folder Deleted : C:\Program Files\015
Folder Deleted : C:\Users\Cassy\AppData\Local\AdTrustMedia
Folder Deleted : C:\Users\Cassy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Cassy\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Cassy\AppData\Roaming\Super Optimizer
Folder Deleted : C:\Users\Cassy\AppData\Roaming\One System Care
Folder Deleted : C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
Folder Deleted : C:\Users\Cassy\Documents\Super Optimizer
Folder Deleted : C:\Users\Cassy\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
File Deleted : C:\Users\Cassy\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Deleted : C:\Users\Cassy\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\GeekBuddy.lnk
File Deleted : C:\Users\Public\Desktop\Launch One System Care.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
File Deleted : C:\WINDOWS\System32\wsusnative64.exe
File Deleted : C:\Users\Cassy\Desktop\PepperZip.lnk

***** [ Scheduled tasks ] *****

Task Deleted : Super Optimizer Schedule
Task Deleted : WinZip Malware Protector_startup
Task Deleted : One System CareStartUp
Task Deleted : One System CarePeriod
Task Deleted : One System Care Run Delay
Task Deleted : One System Care Monitor
Task Deleted : CloudNATIONAL
Task Deleted : RPC

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Deleted : HKLM\SOFTWARE\d141a1c9-6d08-821a-1b8f-0ec96b9a979d
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\One System Care
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Wordinator_1.10.0.17
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZip Malware Protector_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wordinator_1.10.0.17
Key Deleted : [x64] HKLM\SOFTWARE\coupoon

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.124

[C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Comodo Dragon v36.1.1.21

[C:\Users\Cassy\AppData\Local\Comodo\Dragon\User Data\Default\Preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [5404 bytes] - [18/06/2015 17:43:22]
AdwCleaner[R1].txt - [5463 bytes] - [18/06/2015 17:50:35]
AdwCleaner[S0].txt - [5337 bytes] - [18/06/2015 17:54:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5396 bytes] ##########

rune1990
2015-06-19, 03:13
Results from the JRT clean


~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wfd_1_10_0_17 [Adware.Vitruvian]



~~~ Files

Successfully deleted: [File] C:\Users\Cassy\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Successfully deleted: [File] C:\Users\Cassy\appdata\local\google\chrome\user data\default\local storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Successfully deleted: [File] C:\WINDOWS\system32\drivers\wfd_1_10_0_17.sys [Adware.Vitruvian]



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{0A273C4D-DF8B-49F2-A8BA-66BA4D9C8BE7}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{2BBF9318-EECE-413B-801E-2E95A3828EAD}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{3D039869-5794-470A-9A94-AE08021B3CD9}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{575AD6DA-9061-4EAF-B58C-4BB8355C943E}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{5D5DA91C-41B9-4C9A-9B77-75B2C65338C1}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{765E671B-0672-4BD5-989B-7A69A05F26C9}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{8A92DA8D-5150-4FAC-B65C-6FBE472A66AF}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{9F750163-9A54-4109-A874-22CF70FB7CD7}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{AE31A7B5-AFFC-4915-B41B-C310F317C1C6}
Successfully deleted: [Empty Folder] C:\Users\Cassy\appdata\local\{B099A2D3-B2CA-4709-AF4B-0EA8F15BE381}
Successfully deleted: [Folder] C:\Program Files (x86)\reg pro cleaner
Successfully deleted: [Folder] C:\Program Files\13
Successfully deleted: [Folder] C:\Users\Cassy\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Cassy\appdata\locallow\company
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\Cassy\AppData\Roaming\15586344-1434301786-E111-984C-DC0EA1FBF0C7 [Adware.BrowseFox.svc]



~~~ FireFox




~~~ Chrome


[C:\Users\Cassy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Cassy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Cassy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Cassy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/18/2015 at 20:05:06.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rune1990
2015-06-19, 04:30
And finally, here is the Malwarebytes log. Thanks for being so patient!

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/18/2015
Scan Time: 8:22:21 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.18.06
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sollux Captor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370514
Time Elapsed: 43 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.Coupoon.C, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\13, , [a48a79438bff3afcaef47419ae575aa6],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [66c82b913951af8770683e51ea1be41c],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, , [88a6f6c6c9c1f4425dd3800ed62fcf31],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [77b7a5178a0030068f492a65dc29768a],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [80ae9a224d3d0036deffc5ccc441c33d],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [d6587b41e5a58caac716702126df57a9],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [b37b5666d6b494a2fbe2c9c884812dd3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1F0CBECF-3957-4426-A64F-9C8EAFE99419}, , [e34b4a723a504aec07f03557be47847c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23847E21-D5B9-4805-8E5B-1BBE6D86DA39}, , [ec42fcc0addd67cfcd2b1f6d14f1ef11],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C5F262E-A2E2-4F63-AFAE-8EABD693495B}, , [121c3983d2b8ac8a54a4424a30d532ce],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{521BB13A-AD81-4869-BFAF-98437953F64B}, , [3df1aa125e2c7cbaa355e3a935d02dd3],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{954B857D-F259-4D02-B418-683570F9111F}, , [85a9615bcbbf80b646b1315b15f00ef2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B47489EC-8918-473D-A7AE-CD27D23818B9}, , [8ba3c8f42b5f7fb7f503bdcf6f96dd23],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6CF01FF-CD20-4883-B693-BA7371EDF867}, , [f93526960d7dc1752ec9711be81d9a66],

Registry Values: 10
PUP.Optional.Coupoon.C, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\13|DisplayName, coupoon, , [a48a79438bff3afcaef47419ae575aa6]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [66c82b913951af8770683e51ea1be41c]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [77b7a5178a0030068f492a65dc29768a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1F0CBECF-3957-4426-A64F-9C8EAFE99419}|AppName, The weDownload Manager-enabler.exe-buttonutil.exe, , [e34b4a723a504aec07f03557be47847c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23847E21-D5B9-4805-8E5B-1BBE6D86DA39}|AppName, The weDownload Manager-enabler.exe-codedownloader.exe, , [ec42fcc0addd67cfcd2b1f6d14f1ef11]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C5F262E-A2E2-4F63-AFAE-8EABD693495B}|AppName, The weDownload Manager-enabler.exe-codedownloader.exe, , [121c3983d2b8ac8a54a4424a30d532ce]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{521BB13A-AD81-4869-BFAF-98437953F64B}|AppName, The weDownload Manager-enabler.exe-codedownloader.exe, , [3df1aa125e2c7cbaa355e3a935d02dd3]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{954B857D-F259-4D02-B418-683570F9111F}|AppName, The weDownload Manager-enabler.exe-buttonutil.exe, , [85a9615bcbbf80b646b1315b15f00ef2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B47489EC-8918-473D-A7AE-CD27D23818B9}|AppName, The weDownload Manager-enabler.exe-codedownloader.exe, , [8ba3c8f42b5f7fb7f503bdcf6f96dd23]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3775124505-4180658665-910221950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C6CF01FF-CD20-4883-B693-BA7371EDF867}|AppName, The weDownload Manager-enabler.exe-buttonutil.exe, , [f93526960d7dc1752ec9711be81d9a66]

Registry Data: 2
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{45A70356-416B-4B42-8DB5-E3519E992D34}|NameServer, 81.218.119.5,82.163.142.130, Good: (), Bad: (81.218.119.5,82.163.142.130),,[bc72c1fb701adc5aa434f85134d259a7]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{B2A0856A-8ECE-4677-89A0-7FBDCE102A88}|NameServer, 81.218.119.5,82.163.142.130, Good: (), Bad: (81.218.119.5,82.163.142.130),,[e648e8d4eb9f38fe34a4e960aa5cf20e]

Folders: 0
(No malicious items detected)

Files: 19
PUP.Optional.DownloadAdmin, C:\ProgramData\Comodo\Cis\Quarantine\data\{033BC488-B6DD-410B-A8D7-A508D85EA852}, , [74ba229aa4e69d9995e15208b34d7789],
PUP.Optional.Installcore, C:\ProgramData\Comodo\Cis\Quarantine\data\{1DD2E539-FC75-4C80-8D59-46F7C64065E7}, , [9599dfddcbbf6fc7e873b5cef90dd927],
PUP.Optional.LinkWiz.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{858036A6-B23E-423C-A7F4-B7618010091E}, , [4fdfa3191674da5cc77260239472718f],
PUP.Optional.DownloadAdmin, C:\ProgramData\Comodo\Cis\Quarantine\data\{A971B4DD-0BE7-40F9-9340-509B1FAC090C}, , [fb331e9e9feb86b0b8be7ddd9b6527d9],
PUP.Optional.SearchProtect.A, C:\Users\Cassy\AppData\Local\Temp\spstub.exe, , [54da4d6f12780234ea1fe8d13bc63ec2],
PUP.Optional.Conduit.A, C:\Users\Cassy\AppData\Local\Temp\dlLogic.exe, , [a688b8047218c67030c992b26b95847c],
PUP.Optional.Coupoon.A, C:\Users\Cassy\AppData\Local\Temp\n134\Coupoon_09_04--c4304491.exe, , [be700ab2404aba7c2f0b93f02adca858],
PUP.Optional.PushedPlayer.A, C:\Users\Cassy\AppData\Local\Temp\n134\gusetup_pubg.exe, , [7eb0c9f36a2088aed57b4a3add2920e0],
PUP.Optional.OneSystemCare.A, C:\Users\Cassy\AppData\Local\Temp\n134\OneSystemCare_21_05--084a72ac.exe, , [240ae5d7e8a28aacbb3e23600ff75aa6],
PUP.Optional.SearchProtect.A, C:\Users\Cassy\AppData\Local\Temp\n134\searchprotect_2805-feafc00c.exe, , [ae80f1cb44467eb87d8c00b9cc35a45c],
PUP.Optional.InstallCore.A, C:\Users\Cassy\Downloads\Malavida_Download_Manager(1).exe, , [c7674e6edfab4ee8292283eddb2708f8],
PUP.Optional.InstallCore, C:\Users\Cassy\Downloads\Malavida_Download_Manager.exe, , [c16d744811799d99dc094616c63cd62a],
PUP.Optional.Solimba, C:\Users\Cassy\Downloads\Microsoft PowerPoint.exe, , [1d119c20e3a72313f888bdb2a75bcb35],
PUP.Optional.GUPlayer.A, C:\Users\Cassy\Desktop\GUPlayer.lnk, , [a985c2fae3a77fb7291bbf3829da51af],
PUP.Optional.Vitruvian.A, C:\Users\Cassy\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, , [9698279533573ff73d1b730d3bcaa060],
PUP.Optional.Vitruvian.A, C:\Users\Cassy\AppData\Local\Temp\vitruvian-installer-install-v0003, , [4de11ca0573352e4e3751f611ee702fe],
PUP.Optional.Vitruvian.A, C:\Users\Cassy\AppData\Local\Temp\vitruvian-installer-processes-v0002, , [0d218c301179f442f46479070ff629d7],
PUP.Optional.Vitruvian.A, C:\Users\Cassy\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, , [8ba3bdffa2e8f640c197a0e0768f9070],
PUP.Optional.Vitruvian.A, C:\Users\Cassy\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, , [67c7e1db0a80999d65f35d23f01525db],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-06-19, 04:36
All that garbage that Malwarebytes found needs to be removed, if it did it should show those entries as Quarantined. Run Malwarebytes again and make sure everything it finds is gone

You should have had it set up like this





On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Threat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished click on VIEW DETAILED LOG
When it opens click on COPY TO CLIPBOARD
Then paste the log back into this thread for review
Exit Malwarebytes







After Malwarebytes comes back clean, open up FRST, make sure you put a checkmark in ADDITIONS, run a new scan and post both the FRST log and the Additions log please

ken545
2015-06-19, 04:46
This is the main problem with your computer

http://www.bleepingcomputer.com/virus-removal/family/adware-vitruvian/

rune1990
2015-06-19, 20:31
Alright, re-did that malwarebytes scan and got all the junk cleaned. However, i lost the logs because the clean up made my computer restart.
Will have to post the FRST logs in two parts;

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sollux Captor (administrator) on CASSY-PC on 19-06-2015 13:16:02
Running from C:\Users\Cassy\Desktop
Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-07-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-07-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-07] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-14] (COMODO)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-07] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2015-02-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-07] ()
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3775124505-4180658665-910221950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3775124505-4180658665-910221950-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF SearchPlugin: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\searchplugins\google-avast.xml [2014-12-12]
FF Extension: NoScript - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-21]
FF HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-14]
CHR Extension: (Avast Online Security) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-03] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-31] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-31] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-09] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-14] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-21] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 13:16 - 2015-06-19 13:17 - 00021709 _____ C:\Users\Cassy\Desktop\FRST.txt
2015-06-18 20:19 - 2015-06-19 12:10 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 20:19 - 2015-06-18 20:19 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-18 20:19 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 20:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 20:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-18 20:14 - 2015-06-18 20:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cassy\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-18 20:05 - 2015-06-18 20:05 - 00003522 _____ C:\Users\Cassy\Desktop\JRT.txt
2015-06-18 18:01 - 2015-06-18 18:03 - 02950477 _____ (Thisisu) C:\Users\Cassy\Downloads\JRT.exe
2015-06-18 17:42 - 2015-06-18 19:38 - 00000000 ____D C:\AdwCleaner
2015-06-18 17:40 - 2015-06-18 17:41 - 02231296 _____ C:\Users\Cassy\Downloads\AdwCleaner.exe
2015-06-14 15:59 - 2015-06-14 15:59 - 00002415 _____ C:\Users\Cassy\Desktop\aswMBR.txt
2015-06-14 15:59 - 2015-06-14 15:59 - 00000512 _____ C:\Users\Cassy\Desktop\MBR.dat
2015-06-14 13:59 - 2015-06-14 13:59 - 00384076 _____ C:\WINDOWS\system32\details.dll.xml
2015-06-14 13:52 - 2015-06-14 13:53 - 05198336 _____ (AVAST Software) C:\Users\Cassy\Desktop\aswMBR.exe
2015-06-14 13:49 - 2015-06-19 13:16 - 00000000 ____D C:\FRST
2015-06-14 13:46 - 2015-06-14 13:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CASSY-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-14 13:40 - 2015-06-14 13:40 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-14 13:40 - 2015-06-14 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-14 13:35 - 2015-06-14 13:35 - 02109952 _____ (Farbar) C:\Users\Cassy\Desktop\FRST64.exe
2015-06-14 13:33 - 2015-06-14 13:35 - 04720448 _____ C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe
2015-06-14 13:07 - 2015-06-14 13:07 - 00001220 _____ C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
2015-06-14 13:07 - 2015-06-14 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
2015-06-14 13:05 - 2015-06-14 13:05 - 00001739 _____ C:\Users\Cassy\Desktop\Continue Microsoft PowerPoint.lnk
2015-06-13 17:17 - 2015-06-09 17:20 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-13 17:17 - 2015-06-09 17:20 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 15:24 - 2015-06-11 15:24 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Nico Mak Computing
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-06-11 15:05 - 2015-06-14 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-10 03:30 - 2015-06-10 03:45 - 00000000 ____D C:\6b423640a31629c8fbf21cb2
2015-06-09 17:30 - 2015-06-09 17:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 17:30 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 17:24 - 2015-06-09 17:24 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 17:20 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 17:20 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 17:20 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 17:20 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 17:20 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 17:13 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 17:13 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 17:13 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 17:13 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 17:13 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 17:13 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 17:13 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 17:13 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 17:13 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 17:13 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 17:13 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 17:13 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 17:13 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 17:12 - 2015-06-09 17:13 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 17:12 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 17:12 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 17:10 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-30 18:42 - 2015-04-21 20:37 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 13:17 - 2014-09-22 15:24 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-19 13:07 - 2013-01-16 23:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3775124505-4180658665-910221950-1001
2015-06-19 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-19 12:48 - 2012-07-07 06:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 12:40 - 2014-03-29 19:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-19 12:34 - 2014-04-02 02:09 - 01558107 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-19 12:19 - 2013-01-03 13:45 - 00000000 ____D C:\Users\Cassy\AppData\Local\Adobe
2015-06-19 12:18 - 2014-04-02 16:01 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F252FFC-BBA2-4DB2-9694-0C83F154B9BB}
2015-06-19 12:11 - 2012-07-07 06:57 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 12:10 - 2012-07-07 07:01 - 00360394 _____ C:\WINDOWS\system32\fastboot.set
2015-06-19 12:10 - 2012-07-07 06:43 - 00000000 ____D C:\ProgramData\VeriFace
2015-06-19 12:08 - 2012-12-25 21:57 - 00551784 _____ C:\FaceProv.log
2015-06-19 12:07 - 2013-11-14 03:20 - 01063368 _____ C:\WINDOWS\PFRO.log
2015-06-19 12:07 - 2013-08-22 10:46 - 00454360 _____ C:\WINDOWS\setupact.log
2015-06-19 12:07 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-18 21:32 - 2014-11-14 18:21 - 00090324 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-18 18:05 - 2013-11-14 03:29 - 01243384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-18 18:01 - 2014-09-21 21:14 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-16 18:12 - 2014-09-22 15:25 - 00002001 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-06-14 19:34 - 2012-12-25 19:47 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Skype
2015-06-14 15:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-14 13:17 - 2014-03-29 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-14 13:11 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieUserList
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieSiteList
2015-06-13 20:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-13 17:15 - 2013-08-22 10:44 - 05047064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:10 - 2014-12-14 11:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:10 - 2014-07-12 15:12 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:10 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 15:13 - 2014-02-27 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 15:12 - 2012-07-07 06:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-11 15:08 - 2013-11-14 03:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-11 15:07 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-10 03:51 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 03:45 - 2014-03-04 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 03:30 - 2013-02-20 20:54 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 00:54 - 2012-07-07 06:57 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 17:24 - 2013-11-14 03:23 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-09 13:41 - 2014-03-29 19:03 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-05 09:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-06-05 09:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-06-05 09:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-06-05 09:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-05-31 18:38 - 2014-02-09 11:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-30 20:25 - 2014-04-02 01:44 - 00000000 ____D C:\Users\Cassy
2015-05-30 18:43 - 2014-11-16 11:47 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-30 18:34 - 2014-09-22 15:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-05-30 18:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-05-30 18:34 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-30 18:34 - 2013-06-23 17:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-30 18:34 - 2012-12-25 21:59 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-05-30 18:34 - 2012-12-25 10:04 - 00000000 ____D C:\ProgramData\Energy Management
2015-05-30 18:34 - 2012-07-07 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-30 18:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration

==================== Files in the root of some directories =======

2014-02-23 11:51 - 2014-03-24 15:51 - 0000089 _____ () C:\Users\Cassy\AppData\Roaming\WB.CFG
2014-07-23 18:22 - 2014-09-14 18:35 - 0196608 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gdb
2014-07-23 18:22 - 2014-09-14 18:35 - 1092180 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gss
2013-08-08 19:04 - 2013-08-08 19:04 - 0000218 _____ () C:\Users\Cassy\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Cassy\AppData\Local\Temp\Quarantine.exe
C:\Users\Cassy\AppData\Local\Temp\sqlite3.dll
C:\Users\Cassy\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-19 13:08

==================== End of log ============================

ken545
2015-06-19, 22:00
Got your FRST log , thank you, waiting on the Additions log, when you ran the new FRST scan, make sure you checkmarked Additions or it wont create one, if not run FRST again and just post the Additions log

rune1990
2015-06-19, 22:09
Here is half of the Addition.txt. (Log is too big to post in one part)

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sollux Captor at 2015-06-19 13:19:12
Running from C:\Users\Cassy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3775124505-4180658665-910221950-500 - Administrator - Disabled)
Guest (S-1-5-21-3775124505-4180658665-910221950-501 - Limited - Disabled)
Sollux Captor (S-1-5-21-3775124505-4180658665-910221950-1001 - Administrator - Enabled) => C:\Users\Cassy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.0.213 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Autodesk SketchBook Express 6.0.1 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.01.0000 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeekBuddy (HKLM\...\{266FA04F-F0FA-4F7A-AA1E-387A57F579F2}) (Version: 4.19.131 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Reg Pro Cleaner version 2.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDF5099}_is1) (Version: 2.0 - Regprocleaner)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.3) (Version: 2.0.3 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.3 - Sparkol) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFF 0.31 (HKLM-x32\...\WinFF_is1) (Version: - BiggMatt Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3775124505-4180658665-910221950-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points =========================

30-05-2015 18:09:47 Restore Operation
08-06-2015 05:43:32 Scheduled Checkpoint
11-06-2015 06:50:05 Windows Update
19-06-2015 11:48:31 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-04-23 21:46 - 00450042 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FD72E0-B7F5-4481-9E32-AB153D85EB87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B463A0A-17A0-4650-AED7-03D2E8EEA61A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {104291FF-B9B0-44A7-A256-278554C176A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1A0CEFF4-C5AA-4604-9F10-13B6F4C27205} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {1E140FA9-B1A4-4B9F-858E-725768F347C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {2832FD8D-C835-4C18-A1AD-75D7DCFCF79B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rune1990@live.ca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {296F877A-5327-443B-BF69-872E91335096} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {2DEF782B-D8BE-4894-B504-B5DFFDE59BDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {37259E39-5F2A-4337-B380-09A4FA91EFC2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4C55C545-946E-4194-B536-254315987D22} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {640F5D1C-CF6F-4A47-8DDC-4C4F0F33D691} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
Task: {64981D5F-BEBE-4F0E-B446-E92665F8B85E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {69D4A224-5C90-4079-B41F-B4828209B079} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-21] (Avast Software s.r.o.)
Task: {6A07E41D-F757-4D5C-9390-F9487E70C798} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6E482111-D9BD-43A5-AE3B-E82D9C3A105E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {7014F7AD-A234-48B4-9BF3-A9A76EA55D99} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-14] (Microsoft Corporation)
Task: {852E483A-C9BB-4D32-9F80-D2E65FD4B8BA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
Task: {86BED227-9352-4481-A62F-65DC94099715} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8832F513-8E63-4838-BE4E-5F7E958A23B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8F867ECB-C842-405B-A5DF-A9B92EAEC00C} - System32\Tasks\{3156708E-5FAA-47EF-8BC2-B06DB0E1FFC7} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {9344402E-D270-4F6C-AF87-5ED4742B662E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9A0AC698-B752-4229-804A-3B3EF46DF35C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9CB88AD1-D94A-466D-99B7-EC661A0989B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {A331127C-BE50-4169-9E22-7166FE01E29C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A3950791-FCCE-4972-A085-CE0BFFF01425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {A6FF5E53-264B-42BC-BE8E-9A443B06B3BA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AD37A6B8-5CC4-4029-9053-9A6522A1ECE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B0C6DB0D-50FF-49EE-8A4B-D9813EA39CCB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B20AB872-D29A-4C61-A0B7-359F5BABCC53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B7FD7B23-8BFA-430C-938C-36510D68067D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BB31DCC1-EFC4-49DE-8146-63B81F79654C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {BC260A64-8CB4-4A5F-A864-BEBADA69E2D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C045A651-C0D9-409C-A123-AA02A9E29399} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {C09C23D2-0AFF-422C-971D-775973DE028E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4907BFF-3E85-4F43-A836-DF4BF6C63375} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {C6D444CE-202E-41AF-B8C8-E85B2F7206F2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7511D35-7538-4331-AEA4-CD9870D8949A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C7557BA0-5A1C-40E9-9163-3775719C3BCA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {CBA807A4-31E8-4E90-9BE6-DD537452AA06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {D523D4C3-2647-4570-956D-8E296F7BFFD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E525F02D-E54D-4216-BA7B-A818A9A47231} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {E53C706F-7980-48A7-8109-3061E58DA8F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {E8AE15AA-4ED3-4E2F-BD9E-8FAC5C7E44F0} - System32\Tasks\{0D8FE54C-72F8-41EA-AB72-057B02AA7191} => pcalua.exe -a C:\Users\Cassy\Desktop\PaintToolSAI\sai.exe -d C:\Users\Cassy\Desktop
Task: {E9D0919E-020C-423A-8EA9-BB6CD634D4D0} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-07-31 22:36 - 2013-07-31 22:36 - 03359088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2013-07-05 14:20 - 2012-11-14 08:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-04-15 18:39 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2008-12-20 06:20 - 2012-07-07 07:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 16:06 - 2012-07-07 07:00 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 06:20 - 2012-07-07 06:59 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-21 20:35 - 2015-04-21 20:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-13 15:36 - 2015-06-13 15:36 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061301\algo.dll
2014-05-21 18:03 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-21 18:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-21 18:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdocl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coinst_13.251.9001.1001.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenVideo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OVDecode64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID

rune1990
2015-06-19, 22:11
Second half of Addition.txt

AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenVideo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OVDecode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\tumblr_n3ho4gjA091qktgxso1_1280.png:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\mbam-setup-2.1.6.1022.exe:$CmdZnID
AlternateDataStreams: C:\Users\Cassy\Downloads\Office_2013_EN.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\spybot-2.4.exe.part:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\StartupFolder: => "nnfflllt.lnk"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "nnfflllt"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{90C8FD93-8CA0-44CC-BEBB-8F04AA96C654}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{E8E0F5E1-5411-4DAE-BA30-078FB3DB87A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1A5BC594-3E42-4FC4-B8F2-3CFE9920339F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{0B3FA924-0A3B-44B6-847A-1E98AF1A2814}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3CA0F7EE-055C-4BAA-9F00-FDF2FEE3C917}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7B6A0852-1125-4998-922F-0DC9887D9D0C}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{CECD2451-F4CA-4C9C-83B6-A88FDE2D2EC8}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{55BB23C6-F4DF-4B21-8307-E2D75D019D14}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
FirewallRules: [{48E6E930-E62D-4153-93B0-3BF0079CB0ED}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
FirewallRules: [{181F99B9-A961-48AA-B7D2-E8EF9E2BB89F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FC3CC8E9-CC9E-4183-9D1E-E83CE53C3140}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4C4349CA-C49E-4FCF-B6A5-4956ACEBBDAB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CFAE0B6A-803E-4670-8AAF-71E86BDBDEBE}] => (Allow) LPort=2869
FirewallRules: [{8DAB111B-0FD6-4599-9914-386375D29197}] => (Allow) LPort=1900
FirewallRules: [{9E19D17F-F1D5-4489-BD2B-165758D3FD6A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{050976CF-DDF8-4658-A768-A77ED0852D15}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{56950948-101D-4358-A989-CE70D785B52A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B94C1C5A-5EA5-4108-BA72-DF4ED7234084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A054E8CC-D6E5-494C-A413-14F7763DF69D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{4FA77159-96F3-4514-BA96-A0E35607ADCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{99286920-640E-42E2-BB0E-11D2AB26ECE8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{82FA0BEF-C6EB-42C4-A024-09228D704C2B}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{4B1B5B03-7554-458D-919F-770525DEA53D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F078BE23-B1C7-4B98-853C-E5B53B884054}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{74F78ED1-D17C-485C-848C-5C106FA96434}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08EAFC25-1D2D-433A-BAC0-5C06D12CE23B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A8FD5DB-0DFD-428E-8B04-E5802A2A8AC6}] => (Allow) LPort=8317
FirewallRules: [{E29EBDD2-EEAA-4242-994E-E99307A29EF0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{813DA85A-6EF4-45C8-B2F0-E4EFBF89F053}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6346685-FCDC-49B2-9E67-F2C221380C7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.


System errors:
=============
Error: (06/19/2015 00:06:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (06/19/2015 11:17:52 AM) (Source: DCOM) (EventID: 10010) (User: Cassy-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (06/19/2015 11:17:21 AM) (Source: DCOM) (EventID: 10010) (User: Cassy-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (06/19/2015 09:56:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (06/19/2015 09:56:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (06/18/2015 06:23:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/18/2015 06:23:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/18/2015 06:23:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GeekBuddyRSP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/18/2015 06:23:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/18/2015 06:23:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis


CodeIntegrity Errors:
===================================
Date: 2015-06-19 13:13:59.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 12:07:43.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 12:05:42.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 12:00:20.428
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 10:10:08.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 09:55:16.308
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-18 20:18:30.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-18 18:03:48.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-18 17:56:56.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-18 17:48:13.572
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 48%
Total physical RAM: 3689.36 MB
Available physical RAM: 1902.27 MB
Total Pagefile: 7401.36 MB
Available Pagefile: 5016.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:252.89 GB) (Free:167.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:23.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AF23A0F5)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of log ============================

rune1990
2015-06-19, 22:17
After reading through some of the logs i just wanted to add in that this laptop is used mostly for school and watching youtube videos, i dont go to any of those terrible websites and don't understand why i am always have so much trouble with this computer! anyways thanks so much for your help :)

ken545
2015-06-19, 23:37
I am attaching a FIXLIST file, you need to download it to your desktop where you now have FRST64 or the fix wont work, use your mouse to drag FIXLIST right next to FRST64, either above or below it but not right on top of it, after its downloaded open up FRST64 and click on FIX (Not Scan) it wont take long, after your computer reboots you will find a FIXLOG file on your desktop, post it please and let me know how your system is behaving now

I have to do this in a few fixes as the file is to large for the forum

Here comes one

rune1990
2015-06-20, 00:16
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sollux Captor at 2015-06-19 17:01:15 Run:1
Running from C:\Users\Cassy\Desktop
Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
tartup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-06-14 13:07 - 2015-06-14 13:07 - 00001220 _____ C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
2014-07-23 18:22 - 2014-09-14 18:35 - 0196608 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gdb
2014-07-23 18:22 - 2014-09-14 18:35 - 1092180 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gss
AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdocl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coinst_13.251.9001.1001.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End















*****************

Processes closed successfully.
Restore point was successfully created.
tartup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23] => Error: No automatic fix found for this entry.
C:\Users\Cassy\AppData\Local\nnfflllt.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Public\Desktop\Reg Pro Cleaner.lnk => moved successfully.
C:\Users\Cassy\AppData\Local\nnfflllt.gdb => moved successfully.
C:\Users\Cassy\AppData\Local\nnfflllt.gss => moved successfully.
"C:\WINDOWS\avastSS.scr" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\HelpPane.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\hh.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\notepad.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\regedit.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\splwow64.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\twain_32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\winhlp32.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\write.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\accessibilitycpl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\acledit.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aclui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\acmigration.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\acppage.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\acproxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ActionCenter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ActionCenterCPL.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ActionQueue.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\activeds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\actxprxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adhapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adhsvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AdmTmpl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adprovider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adrclient.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adsldp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adsldpc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adsmsext.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adsnt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\adtschema.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\advapi32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\advpack.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aecache.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aeinv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aelupsvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aepdu.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aepic.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AepRoam.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aitagent.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aitstatic.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\alg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AltTab.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\amdhdl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\amdmiracast.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\amdocl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\amdpcom64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\amstream.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\apds.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\apphelp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Apphlpdm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appidapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appidcertstorecheck.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appidpolicyconverter.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppIdPolicyEngineApi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appidsvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appinfo.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appmgmts.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appmgr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appraiser.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppReadiness.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\apprepapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\apprepsync.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appsruprov.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\appwiz.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxAllUserStore.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxApplicabilityEngine.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppXDeploymentClient.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppXDeploymentExtensions.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppXDeploymentServer.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxPackaging.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxSip.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AppxSysprep.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ARP.EXE" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\asycfilt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\at.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AtBroker.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiadlxx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiapfxx.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aticalcl64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aticaldd64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aticalrt64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\aticfx64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atidemgy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atidxx64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atieclxx.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiesrxx.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atig6pxx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atig6txx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiglpxx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atimpc64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atimuixx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atio6axx.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atitmm64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiu9p64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiumd64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiumd6a.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atiuxp64.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atlthunk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\atmlib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\attrib.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audiodg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioEndpointBuilder.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioEng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AUDIOKSE.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AudioSes.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\auditcse.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuditNativeSnapIn.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\auditpol.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuditPolicyGPInterop.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthBroker.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthExt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\authfwcfg.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthFWGP.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthFWSnapin.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthFWWizFwk.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AuthHostProxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\autoconv.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\autoplay.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AutoWorkplaceN.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\avicap32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\avifil32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\avrt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AxInstSv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AxInstUI.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\azroles.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\azroleui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\AzSqlExt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\baaupdate.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\backgroundTaskHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BackgroundTransferHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\basecsp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\basesrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\batmeter.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcdboot.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcdedit.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcdprov.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcdsrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BCP47Langs.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcrypt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bcryptprimitives.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bdaplgin.ax" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bdechangepin.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BdeHdCfg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BdeHdCfgLib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bderepair.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bdesvc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BdeSysprep.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bdeui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BdeUISrv.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bdeunlock.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BFE.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bidispl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BioCredProv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bisrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BitLockerDeviceEncryption.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BitLockerWizard.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BitLockerWizardElev.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsadmin.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsigd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsperf.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx2.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx3.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx4.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx5.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx6.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bitsprx7.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\biwinrt.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\blackbox.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\blb_ps.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BluetoothApis.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bootcfg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bootim.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BootMenuUX.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bootsect.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bootux.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\brdgcfg.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bridgeunattend.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BrokerLib.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\browcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\browser.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\browseui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bthci.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BthHFSrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BthMtpContextHandler.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bthpanapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BthpanContextHandler.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bthprops.cpl" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BthRadioMedia.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bthserv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BthSQM.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\bthudtask.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\btpanui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\Bubbles.scr" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BulkOperationHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\BWContextHandler.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ByteCodeGenerator.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cabinet.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cabview.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cacls.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CallButtons.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CallButtons.ProxyStub.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CameraSettingsUIHost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\capiprovider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\capisp.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\catsrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\catsrvps.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\catsrvut.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cca.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cdd.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cdosys.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certca.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certcli.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certCredProvider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certenc.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CertEnroll.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CertEnrollCtrl.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CertEnrollUI.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certmgr.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CertPolEng.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certprop.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certreq.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\certutil.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cewmdm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cfgbkend.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cfgmgr32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cfmifs.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cfmifsproxy.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\change.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\charmap.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chartv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chcp.com" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CheckNetIsolation.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chglogon.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chgport.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chgusr.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chkdsk.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chkntfs.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\chkwudrv.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\choice.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CHxReadingStringIME.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ci.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cic.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cipher.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CIRCoInst.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clb.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clbcatq.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cleanmgr.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clfsw32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cliconfg.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cliconfg.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clinfo.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clip.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CloudNotifications.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CloudStorageWizard.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\clusapi.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmcfg32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmd.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmdext.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmdial32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmdkey.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmdl32.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmifw.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmlua.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmmon32.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmpbk32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmstp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmstplua.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cmutil.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cngcredui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cngprovider.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cnvfat.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cofire.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\cofiredm.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\coinst_13.251.9001.1001.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\colbact.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\colorcpl.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\colorui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\combase.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comcat.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comctl32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comdlg32.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comp.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\compact.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CompMgmtLauncher.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\CompPkgSup.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\compstui.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ComputerDefaults.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comrepl.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comsnap.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comsvcs.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\comuid.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ConfigureExpandedStorage.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\conhost.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\connect.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ConnectedAccountState.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\consent.exe" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\ConsentUX.dll" => ":$CmdTcID" ADS not found.
"C:\WINDOWS\system32\console.dll" => ":$CmdTcID" ADS not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 644 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:03:58 ====

rune1990
2015-06-20, 00:20
As far as how the computer is running, i am noticing some overall improvement, however even just opening Firefox takes a good minute or two to successfully open. Loading and opening new tabs also takes a very long time. Haven't really been using it much lately but it seems slightly less glitchy.

ken545
2015-06-20, 00:45
No need to post the logs, here comes two

rune1990
2015-06-20, 02:04
Alright, done!

ken545
2015-06-20, 02:13
Three

ken545
2015-06-20, 02:40
If you did three already thats fine, I zipped the remainder, just download the zipped file to your desktop , right click on it and select Extract and extract it to your desktop and you should have the last Fixlist

rune1990
2015-06-20, 02:40
The 3rd one didn't do quite the same thing as the others. I clicked "fix" and it popped up a log when finished, (figured you didn't need the log so i closed it.) it also did not restart afterwards.

ken545
2015-06-20, 03:13
I apologize for all the fixlists, the forum has guidelines on the size of attachments and post, the zipped one I just posted ( should have thought of this before ) should be the last. I didn't enter the emptytemp command on the last ones so your computer wont reboot, thats fine

After you run the last one, Open up FRST, check mark Additions, run a new scan and post both logs, if FRST did its job your logs should not be to big and lets see where we stand

rune1990
2015-06-20, 05:06
Did as you said. Here are the logs, in 2 parts (as the addition log is still fairly large)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Sollux Captor (administrator) on CASSY-PC on 19-06-2015 21:53:48
Running from C:\Users\Cassy\Desktop
Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-07-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-07-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-07] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-14] (COMODO)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-07] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2015-02-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-07] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3775124505-4180658665-910221950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchEngine.US: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-08-08] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-3775124505-4180658665-910221950-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF SearchPlugin: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\searchplugins\google-avast.xml [2014-12-12]
FF Extension: NoScript - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-21]
FF HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-14]
CHR Extension: (Avast Online Security) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-09]
CHR Extension: (Google Wallet) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-03] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-31] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-31] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-09] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-14] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-14] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-21] ()
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-19] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 17:12 - 2015-06-19 17:12 - 00000117 ____H C:\Users\Cassy\Desktop\.~lock.Fixlog.txt#
2015-06-19 17:11 - 2015-06-19 17:11 - 00000117 ____H C:\Users\Cassy\Desktop\.~lock.FRST.txt#
2015-06-19 13:19 - 2015-06-19 13:22 - 00319278 _____ C:\Users\Cassy\Desktop\Addition.txt
2015-06-19 13:16 - 2015-06-19 21:53 - 00021548 _____ C:\Users\Cassy\Desktop\FRST.txt
2015-06-18 20:19 - 2015-06-19 12:10 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-18 20:19 - 2015-06-18 20:19 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-18 20:19 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 20:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 20:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-18 20:14 - 2015-06-18 20:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cassy\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-18 20:05 - 2015-06-18 20:05 - 00003522 _____ C:\Users\Cassy\Desktop\JRT.txt
2015-06-18 18:01 - 2015-06-18 18:03 - 02950477 _____ (Thisisu) C:\Users\Cassy\Downloads\JRT.exe
2015-06-18 17:42 - 2015-06-18 19:38 - 00000000 ____D C:\AdwCleaner
2015-06-18 17:40 - 2015-06-18 17:41 - 02231296 _____ C:\Users\Cassy\Downloads\AdwCleaner.exe
2015-06-14 15:59 - 2015-06-14 15:59 - 00002415 _____ C:\Users\Cassy\Desktop\aswMBR.txt
2015-06-14 15:59 - 2015-06-14 15:59 - 00000512 _____ C:\Users\Cassy\Desktop\MBR.dat
2015-06-14 13:59 - 2015-06-14 13:59 - 00384076 _____ C:\WINDOWS\system32\details.dll.xml
2015-06-14 13:52 - 2015-06-14 13:53 - 05198336 _____ (AVAST Software) C:\Users\Cassy\Desktop\aswMBR.exe
2015-06-14 13:49 - 2015-06-19 21:54 - 00000000 ____D C:\FRST
2015-06-14 13:46 - 2015-06-14 13:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CASSY-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-14 13:40 - 2015-06-14 13:40 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-14 13:40 - 2015-06-14 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-14 13:35 - 2015-06-14 13:35 - 02109952 _____ (Farbar) C:\Users\Cassy\Desktop\FRST64.exe
2015-06-14 13:33 - 2015-06-14 13:35 - 04720448 _____ C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe
2015-06-14 13:07 - 2015-06-14 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
2015-06-14 13:05 - 2015-06-14 13:05 - 00001739 _____ C:\Users\Cassy\Desktop\Continue Microsoft PowerPoint.lnk
2015-06-13 17:17 - 2015-06-09 17:20 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-13 17:17 - 2015-06-09 17:20 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-11 15:24 - 2015-06-11 15:24 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Nico Mak Computing
2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Nico Mak Computing
2015-06-11 15:05 - 2015-06-14 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-10 03:30 - 2015-06-10 03:45 - 00000000 ____D C:\6b423640a31629c8fbf21cb2
2015-06-09 17:30 - 2015-06-09 17:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 17:30 - 2015-06-09 17:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 17:30 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 17:24 - 2015-06-09 17:24 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 17:24 - 2015-06-09 17:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 17:20 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 17:20 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 17:20 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 17:20 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 17:20 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 17:13 - 2015-06-09 17:13 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 17:13 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 17:13 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 17:13 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 17:13 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 17:13 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 17:13 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 17:13 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 17:13 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 17:13 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 17:13 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 17:13 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 17:13 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 17:13 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 17:13 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 17:13 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 17:12 - 2015-06-09 17:13 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:13 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 17:12 - 2015-06-09 17:12 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 17:12 - 2015-06-09 17:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 17:12 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 17:12 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 17:10 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-30 18:42 - 2015-04-21 20:37 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-19 21:54 - 2013-11-14 03:29 - 01243384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-19 21:53 - 2014-04-02 16:01 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F252FFC-BBA2-4DB2-9694-0C83F154B9BB}
2015-06-19 21:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-19 20:09 - 2014-04-02 02:09 - 01789208 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-19 20:06 - 2014-09-22 15:24 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-06-19 19:48 - 2012-07-07 06:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 19:40 - 2014-03-29 19:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-19 19:14 - 2013-01-16 23:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3775124505-4180658665-910221950-1001
2015-06-19 18:59 - 2012-07-07 07:01 - 00304418 _____ C:\WINDOWS\system32\fastboot.set
2015-06-19 18:59 - 2012-07-07 06:57 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 18:59 - 2012-07-07 06:43 - 00000000 ____D C:\ProgramData\VeriFace
2015-06-19 18:57 - 2013-08-22 10:46 - 00457074 _____ C:\WINDOWS\setupact.log
2015-06-19 18:57 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-19 18:57 - 2012-12-25 21:57 - 00554912 _____ C:\FaceProv.log
2015-06-19 17:10 - 2014-09-21 21:14 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-19 17:05 - 2013-11-14 03:20 - 01063718 _____ C:\WINDOWS\PFRO.log
2015-06-19 12:19 - 2013-01-03 13:45 - 00000000 ____D C:\Users\Cassy\AppData\Local\Adobe
2015-06-18 21:32 - 2014-11-14 18:21 - 00090324 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-06-16 18:12 - 2014-09-22 15:25 - 00002001 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-06-14 19:34 - 2012-12-25 19:47 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Skype
2015-06-14 15:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-14 13:17 - 2014-03-29 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-14 13:11 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieUserList
2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieSiteList
2015-06-13 20:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-13 17:15 - 2013-08-22 10:44 - 05047064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 17:10 - 2014-12-14 11:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-13 17:10 - 2014-07-12 15:12 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-13 17:10 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-13 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-11 15:13 - 2014-02-27 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 15:12 - 2012-07-07 06:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-11 15:08 - 2013-11-14 03:17 - 00000000 ____D C:\WINDOWS\ShellNew
2015-06-11 15:07 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-10 03:51 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 03:45 - 2014-03-04 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 03:30 - 2013-02-20 20:54 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 00:54 - 2012-07-07 06:57 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 17:24 - 2013-11-14 03:23 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-06-09 13:41 - 2014-03-29 19:03 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-05 09:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2015-06-05 09:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2015-06-05 09:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2015-06-05 09:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2015-06-05 09:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2015-05-31 18:38 - 2014-02-09 11:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-30 20:25 - 2014-04-02 01:44 - 00000000 ____D C:\Users\Cassy
2015-05-30 18:43 - 2014-11-16 11:47 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-30 18:34 - 2014-09-22 15:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-05-30 18:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-05-30 18:34 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-30 18:34 - 2013-06-23 17:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-30 18:34 - 2012-12-25 21:59 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-05-30 18:34 - 2012-12-25 10:04 - 00000000 ____D C:\ProgramData\Energy Management
2015-05-30 18:34 - 2012-07-07 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-30 18:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration

==================== Files in the root of some directories =======

2014-02-23 11:51 - 2014-03-24 15:51 - 0000089 _____ () C:\Users\Cassy\AppData\Roaming\WB.CFG
2013-08-08 19:04 - 2013-08-08 19:04 - 0000218 _____ () C:\Users\Cassy\AppData\Local\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-19 19:14

==================== End of log ============================

rune1990
2015-06-20, 05:11
Ugh addition log is still too large for one post!

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Sollux Captor at 2015-06-19 21:57:29
Running from C:\Users\Cassy\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3775124505-4180658665-910221950-500 - Administrator - Disabled)
Guest (S-1-5-21-3775124505-4180658665-910221950-501 - Limited - Disabled)
Sollux Captor (S-1-5-21-3775124505-4180658665-910221950-1001 - Administrator - Enabled) => C:\Users\Cassy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.0.213 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Autodesk SketchBook Express 6.0.1 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.01.0000 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeekBuddy (HKLM\...\{266FA04F-F0FA-4F7A-AA1E-387A57F579F2}) (Version: 4.19.131 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
Reg Pro Cleaner version 2.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDF5099}_is1) (Version: 2.0 - Regprocleaner)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.3) (Version: 2.0.3 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.3 - Sparkol) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFF 0.31 (HKLM-x32\...\WinFF_is1) (Version: - BiggMatt Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3775124505-4180658665-910221950-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points =========================

30-05-2015 18:09:47 Restore Operation
08-06-2015 05:43:32 Scheduled Checkpoint
11-06-2015 06:50:05 Windows Update
19-06-2015 11:48:31 Scheduled Checkpoint
19-06-2015 17:01:21 Restore Point Created by FRST
19-06-2015 18:54:37 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-06-19 17:02 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FD72E0-B7F5-4481-9E32-AB153D85EB87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B463A0A-17A0-4650-AED7-03D2E8EEA61A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {104291FF-B9B0-44A7-A256-278554C176A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1A0CEFF4-C5AA-4604-9F10-13B6F4C27205} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {1E140FA9-B1A4-4B9F-858E-725768F347C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {1E7494D1-D3D8-4BA2-9469-2A0BFFE53CF8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {2832FD8D-C835-4C18-A1AD-75D7DCFCF79B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rune1990@live.ca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {296F877A-5327-443B-BF69-872E91335096} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {2DEF782B-D8BE-4894-B504-B5DFFDE59BDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {37259E39-5F2A-4337-B380-09A4FA91EFC2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {4C55C545-946E-4194-B536-254315987D22} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {640F5D1C-CF6F-4A47-8DDC-4C4F0F33D691} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
Task: {64981D5F-BEBE-4F0E-B446-E92665F8B85E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {69D4A224-5C90-4079-B41F-B4828209B079} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-21] (Avast Software s.r.o.)
Task: {6A07E41D-F757-4D5C-9390-F9487E70C798} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6E482111-D9BD-43A5-AE3B-E82D9C3A105E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {7014F7AD-A234-48B4-9BF3-A9A76EA55D99} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-14] (Microsoft Corporation)
Task: {852E483A-C9BB-4D32-9F80-D2E65FD4B8BA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
Task: {86BED227-9352-4481-A62F-65DC94099715} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8832F513-8E63-4838-BE4E-5F7E958A23B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8F867ECB-C842-405B-A5DF-A9B92EAEC00C} - System32\Tasks\{3156708E-5FAA-47EF-8BC2-B06DB0E1FFC7} => pcalua.exe -a F:\autorun.exe -d F:\
Task: {9344402E-D270-4F6C-AF87-5ED4742B662E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9A0AC698-B752-4229-804A-3B3EF46DF35C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {A331127C-BE50-4169-9E22-7166FE01E29C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A3950791-FCCE-4972-A085-CE0BFFF01425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {A6FF5E53-264B-42BC-BE8E-9A443B06B3BA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {AD37A6B8-5CC4-4029-9053-9A6522A1ECE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B0C6DB0D-50FF-49EE-8A4B-D9813EA39CCB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B20AB872-D29A-4C61-A0B7-359F5BABCC53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B7FD7B23-8BFA-430C-938C-36510D68067D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {BB31DCC1-EFC4-49DE-8146-63B81F79654C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {BC260A64-8CB4-4A5F-A864-BEBADA69E2D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C045A651-C0D9-409C-A123-AA02A9E29399} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {C09C23D2-0AFF-422C-971D-775973DE028E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4907BFF-3E85-4F43-A836-DF4BF6C63375} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {C6D444CE-202E-41AF-B8C8-E85B2F7206F2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C7511D35-7538-4331-AEA4-CD9870D8949A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C7557BA0-5A1C-40E9-9163-3775719C3BCA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {CBA807A4-31E8-4E90-9BE6-DD537452AA06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {D523D4C3-2647-4570-956D-8E296F7BFFD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E525F02D-E54D-4216-BA7B-A818A9A47231} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: {E53C706F-7980-48A7-8109-3061E58DA8F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {E8AE15AA-4ED3-4E2F-BD9E-8FAC5C7E44F0} - System32\Tasks\{0D8FE54C-72F8-41EA-AB72-057B02AA7191} => pcalua.exe -a C:\Users\Cassy\Desktop\PaintToolSAI\sai.exe -d C:\Users\Cassy\Desktop
Task: {E9D0919E-020C-423A-8EA9-BB6CD634D4D0} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-07-31 22:36 - 2013-07-31 22:36 - 03359088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2013-07-05 14:20 - 2012-11-14 08:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-04-15 18:39 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2008-12-20 06:20 - 2012-07-07 07:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-02-21 16:06 - 2012-07-07 07:00 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 06:20 - 2012-07-07 06:59 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-21 20:35 - 2015-04-21 20:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-13 15:36 - 2015-06-13 15:36 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061301\algo.dll
2014-05-21 18:03 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-21 18:03 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-21 18:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-21 18:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-07-07 06:43 - 2012-07-07 06:43 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2015-04-21 20:36 - 2015-04-21 20:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\twain_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\winhlp32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\acproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ActionQueue.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aecache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aelupsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepdu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AepRoam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\alg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AltTab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdocl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxStreamingDataSourcePS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\change.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chglogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgport.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chgusr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\coinst_13.251.9001.1001.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\correngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptcatsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CscMig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cscui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\CSystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafupnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dafWfdProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DAMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\datusage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DDORes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddpchunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddptrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddputils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddp_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Defrag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\defragsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceDriverRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceEject.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceElementSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\deviceregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceSetupManagerAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\embeddedapplauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kernelceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KeyboardFilterSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\klist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\KMSVC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LangCleanupSysprepAction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\livessp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LldpNotify.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lltdsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lmhsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\localui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Locator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoff.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\LogonUI.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpkinstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpksetupproxyserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MaintenanceUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeParserTask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MbaeXmlParser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mblctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\McxDriv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdRes.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MdSched.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MemoryDiagnostic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\migflt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\montr_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpnotify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msauserext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msched.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSchedExe.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdri.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtckrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtclog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsiCofire.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msTextPrediction.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MUILanguageCleanup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nbtstat.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcaSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ncuprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NdisImPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nduprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetEvtFwdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprofmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NetVscCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlahc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nrpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nsisvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenVideo64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OptionalFeatures.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\OVDecode64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\p2psvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcsvDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwrun.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pcwutl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistAD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCacheProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistCleaner.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistHttpTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perftrack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\plasrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ploptin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pmcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpclean.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnppolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PnPutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssoc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PNPXAssocPrx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Pnrphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pnrpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ppcsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PresentationSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintBrmUi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qappsrv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qprocess.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\query.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\quser.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\qwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\rwinsta.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\sysntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsRemoveDevice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabbtnEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TabSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapilua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskhostex.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TcpipSetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\termsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringIeProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TetheringStation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeservice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TimeSyncTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tpmvscmgrsvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\trkwks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscfgwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsdiscon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tskill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UI0Detect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpnpmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umpowmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\umrdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unattend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultCmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VaultRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsbas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsdyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsldr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vdsvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmbuspipe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VmdCoinstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmictimeprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WallpaperHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WavDest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcncsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapAuthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnEapPeerProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcnNetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdiasqmmodule.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wephostsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wercplsupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wersvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WFS.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiarpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbici.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Renewal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winethc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogonext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSAT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\witnesswmiv2provider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WLanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wlrmdr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmicmiplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofTasks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WofUtil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workerdd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID

rune1990
2015-06-20, 05:12
AlternateDataStreams: C:\WINDOWS\system32\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpccpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpcWebSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpd_ci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnpinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wpnsruprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSCollect.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDPrintProxy.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSDScanProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsepno.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AdmTmpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adrclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgmts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\docprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\doskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3api.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3cfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3dlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3gpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3hc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3msm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dot3ui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapimig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dpapiprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DpiScaling.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\driverquery.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drtprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drttransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsauth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquota.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dskquoui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsound.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsquery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsrole.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dssenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Dsui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsuiext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dswave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dui70.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\duser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dvdupgrd.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWWIN.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxdiagn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\DxpTaskSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxva2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapprovp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EAPQEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsadu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorAuthn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EhStorPwdMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ELSCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elshyph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elslad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\elsTrans.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eqossnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\es.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentprf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eudcedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcreate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\eventvwr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\expand.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\extrac32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Faultrep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdBthProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FdDevQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdeploy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdPnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdSSDP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWCN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWNet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fdWSD.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\feclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\filemgmt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\find.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\findstr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\finger.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallControlPanel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fixmapi.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltLib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fltMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fmifs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Fondue.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontview.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\forfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\format.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fphc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedyn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\framedynos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\frprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fsutilext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ftp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fundisc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fwcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FwRemoteSvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSCOMEX.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSEXT32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\FXSXP32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\g711codc.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gcdef.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getmac.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\getuname.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glmf32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\globinputhost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\glu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprefcl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpprnext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpresult.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gptext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpupdate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\grpconv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hbaapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hcproviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hdwwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\help.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HelpPaneProxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidphone.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hidserv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\hnetmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\HOSTNAME.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\httpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\htui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ias.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasads.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasdatastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iashlpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IasMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iaspolcy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrad.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iasrecst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassdo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iassvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icacls.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iccvid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icmui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IconCodecService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsigd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\icsunattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IdCtrls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\idndl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IDStore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ifsutilx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imaadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imagehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\imm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetmib1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InfDefaultInstall.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputSwitch.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\intl.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipconfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtprio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir32_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_32.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir41_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ir50_qcx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irclass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\irprops.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicli.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsicpl.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsidsc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsied.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsium.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmiv2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\isoburn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itircl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\itss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iyuv_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\joy.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\KeyboardFilterCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keyiso.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\keymgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\korwbrkr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\kstvtune.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksuser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Kswdmcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksxbar.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ktmw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2gpstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l2nacp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\L2SecHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codeca.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\l3codecp.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\label.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LAPRXY.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchTM.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\linkinfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loadperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\localsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationNotifications.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logagent.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\loghours.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\logoncli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\lsmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\luainstall.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnification.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Magnify.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\makecab.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mapistub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbussdapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcbuilder.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciavi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mcicda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciqtz32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciseq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mciwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdminst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf3216.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfAACEnc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcsubs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfdvdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfh264enc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mgmtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mibincodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\midimap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miguiresource.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimefilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mimofcodec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MirrorDrvCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\miutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mlang.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcico.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcndmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmcshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmsys.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mobsync.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mode.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\modemui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\more.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mountvol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mpeg2Data.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpg2splt.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mpr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprmsg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MRINFO.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmIndexer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaatext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msacm32.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msadp32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAudDecMFT.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscat32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscpxl32.dLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfime.ime:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsCtfMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfuimanager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdadiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdart.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdelta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdmo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSDvbNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msg711.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msgsm32.acm:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidcrl40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msident.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msidle.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msieftp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiltcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimg32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msimtf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msisip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiwer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mskeyprotect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msls31.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSNP.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoeacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msoert2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatcha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspatchc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msports.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msra.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrle32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscntrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msscript.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssha.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msshooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssip32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstask.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcirt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp60.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvidc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVideoDSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB7001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSWB70804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswmdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mswsock.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\msyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtstocom.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxdm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxlegih.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\muifontsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\MuiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mycomput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mydocs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Mystify.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napdsnap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NapiNSP.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\napipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPMONTR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NAPSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Narrator.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NcdProp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nci.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncobjapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncpa.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nddeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfetw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndfhcdiscovery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndiscapCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndishc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ndproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\negoexts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\net1.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbios.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netbtugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcorehc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netdiagfx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenVideo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\OVDecode.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrptadm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwinsat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwizeng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcecompact40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceoledb40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlceqp40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlcese40.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqlsrv32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srchadmin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmstormod.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srmtrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srm_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srumsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssdpapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SSShim.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ssText3d.scr:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Startupscan.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stclient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sti.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Storprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\subst.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\svchost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxproxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxshared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxsstore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sxstrace.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncCenter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncHostps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructure.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncInfrastructureps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Syncreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syncui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysdm.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syskey.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\sysmon.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\syssetup.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systeminfo.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\systray.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\t2embed.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\takeown.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi3.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiMigPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapiperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapisrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiSysprep.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TapiUnattend.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskcomp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskkill.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tasklist.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Taskmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TaskSchdPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcmsetup.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpmonui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TCPSVCS.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\telephon.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\termmgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\themeui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\threadpoolwinrt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timedate.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeDateMUICallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\timeout.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tlscsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tpmcompc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmInit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TRACERT.EXE:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\traffic.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tree.com:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsbyuv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSChannel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSTheme.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsAuth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsCfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\TtlsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tvratings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txflog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\txfw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\tzutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucmhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\udhisapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uexfat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ufat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uicom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uireng.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ulib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\umdmxfrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdmat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uniplat.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unlodctr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\unregmp2.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnpcont.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\upnphost.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ureg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbceip.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbperf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usbui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountBroker.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserAccountControlSettings.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userenv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinit.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\userinitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ustprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\utildll.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Utilman.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uudf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\UXInit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\uxtheme.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VAN.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Vault.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VBICodec.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbisurf.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vdmdbg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vds_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verclsid.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\verifier.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\version.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vfwwdm32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vidcap.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vpnikeapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\VscMgrPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssadmin.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vss_ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32tm.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\w32topl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WABSyncProvider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\waitfor.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wavemsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wbemcomn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcmapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcnApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WcsPlugInService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdmaud.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wdscore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\webservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Websocket.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wecutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werdiagcontroller.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFault.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WerFaultSecure.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtfwd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wevtutil.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WfHC.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\where.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whhelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\whoami.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaacmgr.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiaaut.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadefui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiadss.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiascanprofiles.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiashext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wiatrace.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wimgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winbrand.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincredprovider.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Display.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\windowslivelogin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinFax.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininitext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winipsec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Winlangdb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmmbase.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winnsi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrnr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrs.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrscmd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrshost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winrssrv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSATAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsku.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsockhc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WINSRPC.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncMetastore.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSyncProviders.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winusb.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\winver.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wisp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wkspbrokerAx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WLanConn.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlandlg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanext.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlangpui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlaninst.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlanMM.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanpref.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wldap32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlgpclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcredprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidfdp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidnsp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WlS0WndH.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmcodecdspps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmlog.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdmps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmdev.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmnet.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiclnt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidcom.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmidx.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmiprop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmitomi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMNetMgr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WmpDui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmsgapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVCORE.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmvdspa.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wowreg32.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpcsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShextAutoplay.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDSp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\write.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2help.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscisvif.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSClient.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscproxystub.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshcon.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshelper.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshext.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wship6.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshirda.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshqos.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSHTCPIP.DLL:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmplpxy.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsmprovhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsnmp32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsock32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSTPager.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wtsapi32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wusa.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_8.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xcopy.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput1_4.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInput9_1_0.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlfilter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmllite.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xmlprovi.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsFilt.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XpsRasterService.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsservices.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\XPSSHHDR.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpssvcs.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizard.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwizards.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwreg.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpdui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\xwtpw32.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\csc.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmkaud.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fltMgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mpsdrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mslldp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndiscap.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\NdisImPlatform.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\AdwCleaner.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\Office_2013_EN.exe:$CmdTcID
AlternateDataStreams: C:\Users\Cassy\Downloads\spybot-2.4.exe.part:$CmdTcID

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BambooCore"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\StartupFolder: => "nnfflllt.lnk"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "nnfflllt"
HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{90C8FD93-8CA0-44CC-BEBB-8F04AA96C654}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{E8E0F5E1-5411-4DAE-BA30-078FB3DB87A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1A5BC594-3E42-4FC4-B8F2-3CFE9920339F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{0B3FA924-0A3B-44B6-847A-1E98AF1A2814}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{3CA0F7EE-055C-4BAA-9F00-FDF2FEE3C917}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{7B6A0852-1125-4998-922F-0DC9887D9D0C}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{CECD2451-F4CA-4C9C-83B6-A88FDE2D2EC8}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
FirewallRules: [{48E6E930-E62D-4153-93B0-3BF0079CB0ED}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
FirewallRules: [{181F99B9-A961-48AA-B7D2-E8EF9E2BB89F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{FC3CC8E9-CC9E-4183-9D1E-E83CE53C3140}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{4C4349CA-C49E-4FCF-B6A5-4956ACEBBDAB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CFAE0B6A-803E-4670-8AAF-71E86BDBDEBE}] => (Allow) LPort=2869
FirewallRules: [{8DAB111B-0FD6-4599-9914-386375D29197}] => (Allow) LPort=1900
FirewallRules: [{9E19D17F-F1D5-4489-BD2B-165758D3FD6A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{050976CF-DDF8-4658-A768-A77ED0852D15}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{56950948-101D-4358-A989-CE70D785B52A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B94C1C5A-5EA5-4108-BA72-DF4ED7234084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A054E8CC-D6E5-494C-A413-14F7763DF69D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{4FA77159-96F3-4514-BA96-A0E35607ADCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{99286920-640E-42E2-BB0E-11D2AB26ECE8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{82FA0BEF-C6EB-42C4-A024-09228D704C2B}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{4B1B5B03-7554-458D-919F-770525DEA53D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F078BE23-B1C7-4B98-853C-E5B53B884054}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{74F78ED1-D17C-485C-848C-5C106FA96434}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08EAFC25-1D2D-433A-BAC0-5C06D12CE23B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A8FD5DB-0DFD-428E-8B04-E5802A2A8AC6}] => (Allow) LPort=8317
FirewallRules: [{E29EBDD2-EEAA-4242-994E-E99307A29EF0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{813DA85A-6EF4-45C8-B2F0-E4EFBF89F053}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{E6346685-FCDC-49B2-9E67-F2C221380C7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2015 06:54:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5103a498-b61e-4d5a-8a68-7932c86dfc73}

Error: (06/19/2015 05:01:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd9cc8a9-bbe1-4a27-97f0-60dff5e875a3}

Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.


System errors:
=============
Error: (06/19/2015 08:09:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/19/2015 06:54:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/19/2015 06:54:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/19/2015 06:54:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/19/2015 06:54:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/19/2015 06:54:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/19/2015 06:54:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call PNR Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/19/2015 06:54:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GeekBuddyRSP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (06/19/2015 06:54:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/19/2015 06:54:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Skype Click to Call Updater service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/19/2015 06:54:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5103a498-b61e-4d5a-8a68-7932c86dfc73}

Error: (06/19/2015 05:01:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bd9cc8a9-bbe1-4a27-97f0-60dff5e875a3}

Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NET_4.0.30319aspnet_counters.dll8

Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ASP.NETaspnet_counters.dll8

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis


CodeIntegrity Errors:
===================================
Date: 2015-06-19 21:53:32.373
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 19:35:17.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 18:57:20.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 18:54:22.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 17:19:53.030
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 17:05:39.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 16:59:00.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 13:13:59.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 12:07:43.977
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-06-19 12:05:42.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 40%
Total physical RAM: 3689.36 MB
Available physical RAM: 2199.34 MB
Total Pagefile: 7401.36 MB
Available Pagefile: 4923.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:252.89 GB) (Free:166.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:23.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AF23A0F5)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End of log ============================

ken545
2015-06-20, 05:49
Looks ok, how is everything running now ?

rune1990
2015-06-22, 01:41
Sorry for late reply.
Seems like the bulk of the issues have noticeably subsided. When i go to a website it no longer takes quite as long to load and i haven't yet noticed my favorite "Firefox is not responding" message popping up as frequently. Computer is running smoother overall.

ken545
2015-06-22, 02:54
Great, glad things are running back to normal for you

Double click on AdwCleaner.exe to run the tool again.


Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.






==========================================================




Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


http://i24.photobucket.com/albums/c30/ken545/DelFix_zps139e2ea1.jpg (http://s24.photobucket.com/user/ken545/media/DelFix_zps139e2ea1.jpg.html)




Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark " Remove Disinfection Tools"
Click the Run button




This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually






==========================================================








How did I get infected in the first place ?


WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186)
Grinler BleepingComputer (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)






Safe Surfn
Ken

ken545
2015-06-23, 15:12
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.