Thread: Pop-ups, redirects and slow computer

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    This is the main problem with your computer

    http://www.bleepingcomputer.com/viru...are-vitruvian/
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Nov 2010
    Posts
    63

    Alright, re-did that Malwarebytes scan and got all the junk cleaned. However, I lost the logs because the cleanup made my computer restart.
    Will have to post the FRST logs in two parts:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
    Ran by Sollux Captor (administrator) on CASSY-PC on 19-06-2015 13:16:02
    Running from C:\Users\Cassy\Desktop
    Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    ( ) C:\Program Files (x86)\LockKey\LockKey.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2809856 2012-01-16] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2012-03-01] (Conexant Systems, Inc.)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2012-07-07] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2012-07-07] (Lenovo(beijing) Limited)
    HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-07-07] (Lenovo)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-14] (COMODO)
    HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
    HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
    HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-07-07] (Lenovo)
    HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2236816 2013-08-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-21] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [ComodoFSChrome] => "C:\Program Files (x86)\AdTrustMedia\PrivDog\FinalizeSetup.exe" /c
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2015-02-22] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-27]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
    ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll [2013-07-31] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)
    ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-07-07] ()
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...LENN&bmod=LENN
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3775124505-4180658665-910221950-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215
    FF DefaultSearchEngine: Google (avast)
    FF DefaultSearchEngine.US: Google (avast)
    FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
    FF SearchEngineOrder.1: Google (avast)
    FF SelectedSearchEngine: Google (avast)
    FF Homepage: https://www.google.com/?trackid=sp-006
    FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-08-08] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2013-06-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-08-08] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
    FF Plugin HKU\S-1-5-21-3775124505-4180658665-910221950-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
    FF SearchPlugin: C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\searchplugins\google-avast.xml [2014-12-12]
    FF Extension: NoScript - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-16]
    FF Extension: Adblock Plus - C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Profiles\4fgio0ge.default-1416152417215\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-28]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-21]
    FF HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR Profile: C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Bookmark Manager) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-14]
    CHR Extension: (Avast Online Security) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
    CHR Extension: (Skype Click to Call) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-09]
    CHR Extension: (Google Wallet) - C:\Users\Cassy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-02-22] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-03] (Microsoft Corporation)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-31] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-31] (Microsoft Corporation)
    R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70872 2015-03-09] (Comodo Security Solutions, Inc.)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-14] (COMODO)
    S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-14] (COMODO)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
    R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-03-09] (Comodo Security Solutions, Inc.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-11-14] (Wacom Technology, Corp.)
    S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-21] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-21] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-21] ()
    R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
    R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
    R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
    R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-19] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-19 13:16 - 2015-06-19 13:17 - 00021709 _____ C:\Users\Cassy\Desktop\FRST.txt
    2015-06-18 20:19 - 2015-06-19 12:10 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-06-18 20:19 - 2015-06-18 20:19 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-18 20:19 - 2015-06-18 20:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-18 20:19 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-06-18 20:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-06-18 20:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-06-18 20:14 - 2015-06-18 20:18 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Cassy\Downloads\mbam-setup-2.1.6.1022.exe
    2015-06-18 20:05 - 2015-06-18 20:05 - 00003522 _____ C:\Users\Cassy\Desktop\JRT.txt
    2015-06-18 18:01 - 2015-06-18 18:03 - 02950477 _____ (Thisisu) C:\Users\Cassy\Downloads\JRT.exe
    2015-06-18 17:42 - 2015-06-18 19:38 - 00000000 ____D C:\AdwCleaner
    2015-06-18 17:40 - 2015-06-18 17:41 - 02231296 _____ C:\Users\Cassy\Downloads\AdwCleaner.exe
    2015-06-14 15:59 - 2015-06-14 15:59 - 00002415 _____ C:\Users\Cassy\Desktop\aswMBR.txt
    2015-06-14 15:59 - 2015-06-14 15:59 - 00000512 _____ C:\Users\Cassy\Desktop\MBR.dat
    2015-06-14 13:59 - 2015-06-14 13:59 - 00384076 _____ C:\WINDOWS\system32\details.dll.xml
    2015-06-14 13:52 - 2015-06-14 13:53 - 05198336 _____ (AVAST Software) C:\Users\Cassy\Desktop\aswMBR.exe
    2015-06-14 13:49 - 2015-06-19 13:16 - 00000000 ____D C:\FRST
    2015-06-14 13:46 - 2015-06-14 13:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CASSY-PC-Windows-8.1-Pro-(64-bit).dat
    2015-06-14 13:40 - 2015-06-14 13:40 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2015-06-14 13:40 - 2015-06-14 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-06-14 13:35 - 2015-06-14 13:35 - 02109952 _____ (Farbar) C:\Users\Cassy\Desktop\FRST64.exe
    2015-06-14 13:33 - 2015-06-14 13:35 - 04720448 _____ C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe
    2015-06-14 13:07 - 2015-06-14 13:07 - 00001220 _____ C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
    2015-06-14 13:07 - 2015-06-14 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
    2015-06-14 13:05 - 2015-06-14 13:05 - 00001739 _____ C:\Users\Cassy\Desktop\Continue Microsoft PowerPoint.lnk
    2015-06-13 17:17 - 2015-06-09 17:20 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-06-13 17:17 - 2015-06-09 17:20 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-11 15:24 - 2015-06-11 15:24 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Nico Mak Computing
    2015-06-11 15:22 - 2015-06-11 15:22 - 00000000 ____D C:\ProgramData\Nico Mak Computing
    2015-06-11 15:05 - 2015-06-14 13:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-10 03:30 - 2015-06-10 03:45 - 00000000 ____D C:\6b423640a31629c8fbf21cb2
    2015-06-09 17:30 - 2015-06-09 17:30 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2015-06-09 17:30 - 2015-06-09 17:30 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-06-09 17:30 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-06-09 17:24 - 2015-06-09 17:24 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2015-06-09 17:24 - 2015-06-09 17:24 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2015-06-09 17:24 - 2015-06-09 17:24 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2015-06-09 17:24 - 2015-06-09 17:24 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
    2015-06-09 17:24 - 2015-06-09 17:24 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2015-06-09 17:24 - 2015-06-09 17:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
    2015-06-09 17:20 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-06-09 17:20 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-06-09 17:20 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
    2015-06-09 17:20 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-06-09 17:20 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
    2015-06-09 17:13 - 2015-06-09 17:13 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2015-06-09 17:13 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-06-09 17:13 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2015-06-09 17:13 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2015-06-09 17:13 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-06-09 17:13 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-06-09 17:13 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-06-09 17:13 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-06-09 17:13 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-06-09 17:13 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-06-09 17:13 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-06-09 17:13 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-06-09 17:13 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-06-09 17:13 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-06-09 17:13 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-06-09 17:13 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-06-09 17:13 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-06-09 17:13 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-06-09 17:12 - 2015-06-09 17:13 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-06-09 17:12 - 2015-06-09 17:13 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-06-09 17:12 - 2015-06-09 17:12 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-06-09 17:12 - 2015-06-09 17:12 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-06-09 17:12 - 2015-06-09 17:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-06-09 17:12 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-06-09 17:12 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-06-09 17:10 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-30 18:42 - 2015-04-21 20:37 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-19 13:17 - 2014-09-22 15:24 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
    2015-06-19 13:07 - 2013-01-16 23:03 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3775124505-4180658665-910221950-1001
    2015-06-19 13:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-06-19 12:48 - 2012-07-07 06:57 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-06-19 12:40 - 2014-03-29 19:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-06-19 12:34 - 2014-04-02 02:09 - 01558107 _____ C:\WINDOWS\WindowsUpdate.log
    2015-06-19 12:19 - 2013-01-03 13:45 - 00000000 ____D C:\Users\Cassy\AppData\Local\Adobe
    2015-06-19 12:18 - 2014-04-02 16:01 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2F252FFC-BBA2-4DB2-9694-0C83F154B9BB}
    2015-06-19 12:11 - 2012-07-07 06:57 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-06-19 12:10 - 2012-07-07 07:01 - 00360394 _____ C:\WINDOWS\system32\fastboot.set
    2015-06-19 12:10 - 2012-07-07 06:43 - 00000000 ____D C:\ProgramData\VeriFace
    2015-06-19 12:08 - 2012-12-25 21:57 - 00551784 _____ C:\FaceProv.log
    2015-06-19 12:07 - 2013-11-14 03:20 - 01063368 _____ C:\WINDOWS\PFRO.log
    2015-06-19 12:07 - 2013-08-22 10:46 - 00454360 _____ C:\WINDOWS\setupact.log
    2015-06-19 12:07 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-06-18 21:32 - 2014-11-14 18:21 - 00090324 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-06-18 18:05 - 2013-11-14 03:29 - 01243384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-06-18 18:01 - 2014-09-21 21:14 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-06-16 18:12 - 2014-09-22 15:25 - 00002001 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
    2015-06-14 19:34 - 2012-12-25 19:47 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Skype
    2015-06-14 15:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-06-14 13:17 - 2014-03-29 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-14 13:11 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieUserList
    2015-06-14 13:08 - 2014-05-17 12:48 - 00000000 __SHD C:\Users\Cassy\AppData\Local\EmieSiteList
    2015-06-13 20:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-06-13 17:15 - 2013-08-22 10:44 - 05047064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-06-13 17:10 - 2014-12-14 11:20 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-06-13 17:10 - 2014-07-12 15:12 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
    2015-06-13 17:10 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
    2015-06-13 17:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-06-11 15:13 - 2014-02-27 17:09 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-06-11 15:12 - 2012-07-07 06:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-06-11 15:08 - 2013-11-14 03:17 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-06-11 15:07 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-06-10 03:51 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-06-10 03:45 - 2014-03-04 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-06-10 03:30 - 2013-02-20 20:54 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-06-10 00:54 - 2012-07-07 06:57 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-06-09 17:24 - 2013-11-14 03:23 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2015-06-09 13:41 - 2014-03-29 19:03 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-06-05 09:36 - 2014-03-25 20:22 - 00820928 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
    2015-06-05 09:36 - 2014-03-25 20:22 - 00126696 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
    2015-06-05 09:36 - 2014-03-25 20:22 - 00035056 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
    2015-06-05 09:36 - 2014-03-25 20:22 - 00020672 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
    2015-06-05 09:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
    2015-06-05 09:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
    2015-06-05 09:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
    2015-06-05 09:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
    2015-06-05 09:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
    2015-06-05 09:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
    2015-06-05 09:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
    2015-05-31 18:38 - 2014-02-09 11:40 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
    2015-05-30 20:35 - 2015-04-08 17:40 - 00000000 ___SD C:\WINDOWS\system32\GWX
    2015-05-30 20:25 - 2014-04-02 01:44 - 00000000 ____D C:\Users\Cassy
    2015-05-30 18:43 - 2014-11-16 11:47 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-05-30 18:34 - 2014-09-22 15:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
    2015-05-30 18:34 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-05-30 18:34 - 2013-06-23 17:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-05-30 18:34 - 2013-06-23 17:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-05-30 18:34 - 2012-12-25 21:59 - 00000000 ____D C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2015-05-30 18:34 - 2012-12-25 10:04 - 00000000 ____D C:\ProgramData\Energy Management
    2015-05-30 18:34 - 2012-07-07 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-30 18:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration

    ==================== Files in the root of some directories =======

    2014-02-23 11:51 - 2014-03-24 15:51 - 0000089 _____ () C:\Users\Cassy\AppData\Roaming\WB.CFG
    2014-07-23 18:22 - 2014-09-14 18:35 - 0196608 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gdb
    2014-07-23 18:22 - 2014-09-14 18:35 - 1092180 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gss
    2013-08-08 19:04 - 2013-08-08 19:04 - 0000218 _____ () C:\Users\Cassy\AppData\Local\recently-used.xbel

    Some files in TEMP:
    ====================
    C:\Users\Cassy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Cassy\AppData\Local\Temp\sqlite3.dll
    C:\Users\Cassy\AppData\Local\Temp\Uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-19 13:08

    ==================== End of log ============================

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Got your FRST log, thank you. Waiting on the Additions log. When you ran the new FRST scan, make sure you checkmarked Additions or it won't create one; if not, run FRST again and just post the Additions log.

  4. #14
    Member
    Join Date
    Nov 2010
    Posts
    63

    Here is half of the Addition.txt. (Log is too big to post in one part)

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Sollux Captor at 2015-06-19 13:19:12
    Running from C:\Users\Cassy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3775124505-4180658665-910221950-500 - Administrator - Disabled)
    Guest (S-1-5-21-3775124505-4180658665-910221950-501 - Limited - Disabled)
    Sollux Captor (S-1-5-21-3775124505-4180658665-910221950-1001 - Administrator - Enabled) => C:\Users\Cassy

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.0.213 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Professional CC (HKLM-x32\...\{B56B95BF-7161-4166-8288-DB1BA9F6C9B8}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{71CE3EA7-7F86-9C09-9E2D-F280FD66DAB5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
    AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Atheros WLAN Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
    Autodesk SketchBook Express 6.0.1 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.01.0000 - Autodesk)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.3.0-3 - Wacom Technology Corp.)
    Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
    Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
    Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
    Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
    COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.34.0 - Conexant)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.3 - Lenovo)
    Energy Management (x32 Version: 7.0.3.3 - Lenovo) Hidden
    Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
    Fable - The Lost Chapters (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    GeekBuddy (HKLM\...\{266FA04F-F0FA-4F7A-AA1E-387A57F579F2}) (Version: 4.19.131 - Comodo Security Solutions Inc)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.204.1 - Lenovo EasyCamera)
    Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
    Lenovo pointing device (HKLM\...\Elantech) (Version: 10.4.2.8 - ELAN Microelectronic Corp.)
    Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
    Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
    LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
    LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
    Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39016 - Realtek Semiconductor Corp.)
    Reg Pro Cleaner version 2.0 (HKLM-x32\...\{6406DF9F-E9C8-4C2E-AB48-80352BDF5099}_is1) (Version: 2.0 - Regprocleaner)
    RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.3) (Version: 2.0.3 - Sparkol)
    Sparkol VideoScribe (x32 Version: 2.0.3 - Sparkol) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
    UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
    VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
    Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFF 0.31 (HKLM-x32\...\WinFF_is1) (Version: - BiggMatt Software)
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3775124505-4180658665-910221950-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    ==================== Restore Points =========================

    30-05-2015 18:09:47 Restore Operation
    08-06-2015 05:43:32 Scheduled Checkpoint
    11-06-2015 06:50:05 Windows Update
    19-06-2015 11:48:31 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-04-23 21:46 - 00450042 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06FD72E0-B7F5-4481-9E32-AB153D85EB87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {0B463A0A-17A0-4650-AED7-03D2E8EEA61A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {104291FF-B9B0-44A7-A256-278554C176A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {1A0CEFF4-C5AA-4604-9F10-13B6F4C27205} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
    Task: {1E140FA9-B1A4-4B9F-858E-725768F347C8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {2832FD8D-C835-4C18-A1AD-75D7DCFCF79B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rune1990@live.ca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
    Task: {296F877A-5327-443B-BF69-872E91335096} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {2DEF782B-D8BE-4894-B504-B5DFFDE59BDB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {37259E39-5F2A-4337-B380-09A4FA91EFC2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {4C55C545-946E-4194-B536-254315987D22} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {640F5D1C-CF6F-4A47-8DDC-4C4F0F33D691} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
    Task: {64981D5F-BEBE-4F0E-B446-E92665F8B85E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {69D4A224-5C90-4079-B41F-B4828209B079} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-21] (Avast Software s.r.o.)
    Task: {6A07E41D-F757-4D5C-9390-F9487E70C798} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {6E482111-D9BD-43A5-AE3B-E82D9C3A105E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {7014F7AD-A234-48B4-9BF3-A9A76EA55D99} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-04-14] (Microsoft Corporation)
    Task: {852E483A-C9BB-4D32-9F80-D2E65FD4B8BA} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-14] (COMODO)
    Task: {86BED227-9352-4481-A62F-65DC94099715} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {8832F513-8E63-4838-BE4E-5F7E958A23B4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {8F867ECB-C842-405B-A5DF-A9B92EAEC00C} - System32\Tasks\{3156708E-5FAA-47EF-8BC2-B06DB0E1FFC7} => pcalua.exe -a F:\autorun.exe -d F:\
    Task: {9344402E-D270-4F6C-AF87-5ED4742B662E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {9A0AC698-B752-4229-804A-3B3EF46DF35C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {9CB88AD1-D94A-466D-99B7-EC661A0989B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
    Task: {A331127C-BE50-4169-9E22-7166FE01E29C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {A3950791-FCCE-4972-A085-CE0BFFF01425} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
    Task: {A6FF5E53-264B-42BC-BE8E-9A443B06B3BA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {AD37A6B8-5CC4-4029-9053-9A6522A1ECE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {B0C6DB0D-50FF-49EE-8A4B-D9813EA39CCB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {B20AB872-D29A-4C61-A0B7-359F5BABCC53} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {B7FD7B23-8BFA-430C-938C-36510D68067D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
    Task: {BB31DCC1-EFC4-49DE-8146-63B81F79654C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {BC260A64-8CB4-4A5F-A864-BEBADA69E2D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {C045A651-C0D9-409C-A123-AA02A9E29399} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
    Task: {C09C23D2-0AFF-422C-971D-775973DE028E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {C4907BFF-3E85-4F43-A836-DF4BF6C63375} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
    Task: {C6D444CE-202E-41AF-B8C8-E85B2F7206F2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C7511D35-7538-4331-AEA4-CD9870D8949A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {C7557BA0-5A1C-40E9-9163-3775719C3BCA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {CBA807A4-31E8-4E90-9BE6-DD537452AA06} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
    Task: {D523D4C3-2647-4570-956D-8E296F7BFFD7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E525F02D-E54D-4216-BA7B-A818A9A47231} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
    Task: {E53C706F-7980-48A7-8109-3061E58DA8F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
    Task: {E8AE15AA-4ED3-4E2F-BD9E-8FAC5C7E44F0} - System32\Tasks\{0D8FE54C-72F8-41EA-AB72-057B02AA7191} => pcalua.exe -a C:\Users\Cassy\Desktop\PaintToolSAI\sai.exe -d C:\Users\Cassy\Desktop
    Task: {E9D0919E-020C-423A-8EA9-BB6CD634D4D0} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-14] (COMODO)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-07-31 22:36 - 2013-07-31 22:36 - 03359088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
    2012-07-07 06:43 - 2012-07-07 06:43 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
    2012-07-07 06:43 - 2012-07-07 06:43 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
    2013-07-05 14:20 - 2012-11-14 08:45 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
    2013-04-15 18:39 - 2015-01-08 18:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2008-12-20 06:20 - 2012-07-07 07:00 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
    2012-02-21 16:06 - 2012-07-07 07:00 - 01490944 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
    2008-12-20 06:20 - 2012-07-07 06:59 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
    2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2015-04-21 20:36 - 2015-04-21 20:36 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-21 20:35 - 2015-04-21 20:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-06-13 15:36 - 2015-06-13 15:36 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061301\algo.dll
    2014-05-21 18:03 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-05-21 18:03 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-05-21 18:03 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-05-21 18:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-05-21 18:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2012-07-07 06:43 - 2012-07-07 06:43 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
    2015-04-21 20:36 - 2015-04-21 20:36 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\devmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\devobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DevPropMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\devrtl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfdts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DFDWiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfrgui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dfscli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DfsShlEx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpcmonitor.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpcsvc6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DHCPQEC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DiagCpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diagperf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dialer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\difxapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dimsjob.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dimsroam.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dinput.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dinput8.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskcomp.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskcopy.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskcopy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskpart.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskperf.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\diskraid.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dispci.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dispdiag.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dispex.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DisplaySwitch.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\djoin.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dllhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dllhst3g.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmdlgs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmdskmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmintf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmloader.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmocx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DMRServer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmsynth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmusic.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmvdsitf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dmview.ocx:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dnscacheugc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dnsext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dnshc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\docprop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\doskey.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3api.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3cfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Dot3Conn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3dlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3gpclnt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3gpui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3hc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3mm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3msm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3svc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dot3ui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dpapimig.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dpapiprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DpiScaling.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\driverquery.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drmmgrtn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drmv2clt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drtprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drttransport.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drvcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drvinst.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsauth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsdmo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dskquota.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dskquoui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DsmUserTask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsound.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsprop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsquery.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsrole.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dssec.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dssenh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Dsui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dsuiext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dswave.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dtsh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\duser.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dvdplay.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dvdupgrd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dwm.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dwmredir.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DWWIN.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxdiag.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxdiagn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxgwdi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxpps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Dxpserver.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\DxpTaskSync.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\dxva2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Eap3Host.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eappprxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eapprovp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EAPQEC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eapsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\easconsent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EaseOfAccessDialog.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\easinvoker.proxystub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efsadu.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efscore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efslsaext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efssvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efsui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efsutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EhStorAPI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EhStorAuthn.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EhStorPwdMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EhStorShell.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\els.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ELSCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\elshyph.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\elslad.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\elsTrans.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\embeddedapplauncher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EmbeddedAppLauncherConfig.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EncDump.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\energyprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\energytask.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eqossnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\es.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\esentprf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eudcedit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\EventAggregation.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eventcreate.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\eventvwr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\expand.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\extrac32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Faultrep.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdBth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdBthProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FdDevQuery.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fde.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdeploy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdPHost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdPnp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdprint.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FDResPub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdSSDP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdWCN.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdWNet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fdWSD.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\feclient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhautoplay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhcat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhcleanup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhevents.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhlisten.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhmanagew.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhshl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhsrchapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhsrchph.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhsvcctl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FileAppxStreamingDataSource.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\filemgmt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\find.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\findstr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\finger.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Firewall.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FirewallControlPanel.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fixmapi.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fltLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fltMC.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fmapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fmifs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fms.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Fondue.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fontview.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\forfiles.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\format.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fphc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\framedyn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\framedynos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\frprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fsavailux.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fsutil.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fsutilext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fthsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ftp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fundisc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fvecerts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveprompt.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\fwcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FwRemoteSvr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSAPI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSCOM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSCOMEX.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSCOMPOSE.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSCOVER.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSMON.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSROUTE.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSST.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSSVC.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXST30.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSTIFF.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSUNATD.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\FXSUTILITY.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\g711codc.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gacinstall.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gcdef.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\getmac.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\getuname.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\glmf32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\globinputhost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\glu32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpedit.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpprefcl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpprnext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpresult.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpscript.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpscript.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gptext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\gpupdate.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Groupinghc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\grpconv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hbaapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hcproviders.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hdwwiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\help.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\HelpPaneProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hgprint.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hhsetup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hid.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hidphone.tsp:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hidserv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hnetcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hnetmon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\HOSTNAME.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hotplug.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hotspotauth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\httpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\httpprxm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\httpprxp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\htui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hwrcomp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\hwrreg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ias.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasacct.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasads.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasdatastore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iashlpr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IasMigPlugin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iaspolcy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasrad.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iasrecst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iassdo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iassvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icacls.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icmui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IconCodecService.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icsigd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icsunattend.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IdListen.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\idndl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IDStore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ifmon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ifsutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ifsutilx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\igdDiag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imaadp32.acm:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imagehlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\imm32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\immersivetpmvscmgrsvr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inetmib1.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inetpp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inetppui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InfDefaultInstall.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\InputSwitch.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\intl.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ipconfig.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iprtprio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ipsecsnp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\IPSECSVC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ipsmsnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\irclass.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\irftp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\irprops.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsicli.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsicpl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsidsc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsied.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsiexe.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsium.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iscsiwmiv2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\isoburn.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\itircl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\itss.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\jnwmon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\joy.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KdsCli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\kdusb.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\kd_02_8086.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\keepaliveprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\kernel.appcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceStatus.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceTypes.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWiaCompat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PortableDeviceWMDRM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pots.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\powercfg.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\powercpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\powrprof.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ppcsnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PresentationSettings.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prevhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\print.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PrintBrmUi.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PrintDialogHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelineprxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\printfilterpipelinesvc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PrintIsolationProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\printui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\printui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prncache.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prnfldr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prnntfy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prntvpt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\procinst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\profapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\profprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\profsvcext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\propsys.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\proquota.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\provthrd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityCommonPal.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityRtapiPal.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityService.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityServicePal.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ProximityUxHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\prvdmofcomp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\psapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\psisdecd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\psisrndr.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PSModuleDiscoveryProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\psr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pstask.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pstorec.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\PurchaseWindowsLicense.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pwlauncher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\pwsso.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QAGENT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QAGENTRT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qappsrv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qasf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QCLIPROV.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qdv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qmgrprxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qprocess.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Query.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\query.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\quser.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\QUTIL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qwave.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\qwinsta.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RacEngn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\racpldlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\radardt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\radarrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\raschap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\raschapext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasctrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasdial.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\raserver.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasman.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasmbmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RASMM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasmontr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasphone.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasplap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasppp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdbui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpcfgex.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpendp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpinput.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RdpSa.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RdpSaProxy.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RdpSaPs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RdpSaUacHelper.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdrleakdiag.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RDSAppXHelper.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdsdwmdr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RDSPnf.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rdvvmtransport.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ReAgentTask.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\recimg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\recover.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\recovery.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\reg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RegCtrl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regedt32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regidle.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regini.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Register-CimProvider.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\regsvr32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ReInfo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rekeywiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\relog.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\remotepg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\remotesp.tsp:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RemoveDeviceElevated.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\repair-bde.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\replace.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\reset.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\resmon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RestoreOptIn.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rfxvmt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rgb9rast.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Ribbons.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\riched20.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\riched32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RMActivate.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RMActivate_isv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RMActivate_ssp_isv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RmClient.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rmttpmvscmgrsvr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rnr20.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RoamingSecurity.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Robocopy.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RotMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ROUTE.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RpcEpMap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rpchttp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RpcNs4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rpcnsh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RpcPing.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RpcRtRemote.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RstrtMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rstrui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rtffilt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rtm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rtutils.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\runas.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rundll32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RunLegacyCPLElevated.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\runonce.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\RuntimeBroker.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\rwinsta.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\samcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sas.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sbeio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scansetting.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SCardDlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SCardSvr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scavengeui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sccls.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scecli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\schedcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scripto.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scrnsave.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scrobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scrptadm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\scrrun.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdchange.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdclt.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdhcinst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdiageng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdiagnhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdiagprv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdiagschd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sdohlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SecEdit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secinit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secproc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secproc_isv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secproc_ssp_isv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SensApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SensorsClassExtension.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SensorsCpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sensrsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\serialui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\serwvdrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sessionmsg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setbcdlocale.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sethc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SetNetworkLocation.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SetProxyCredential.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setspn.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setupapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setupcln.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\setx.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sfc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sfc_os.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shfolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shgina.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shimeng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shimgvw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shlwapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shpafact.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shrpubw.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shsetup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shsvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shunimpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shutdown.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\shwebsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\signdrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sigverif.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sisbkup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDriveShell.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SlideToShutDown.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\slpts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SmartcardCredentialProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SmartCardSimulator.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SmartScreenSettings.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SMBHelperClass.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\smbwmiv2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SmsDeviceAccessRevocation.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SndVol.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SnippingTool.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\snmpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\snmptrap.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SNTSearch.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\softkbd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\softpub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sort.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SortServer2003Compat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SortWindows61.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SortWindows6Compat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SoundRecorder.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spbcd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spfileq.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SPInf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spmpm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spnet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spoolss.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spopk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spwinsat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqlcecompact40.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqlceoledb40.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqlceqp40.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqlcese40.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqlsrv32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srchadmin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srclient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srhelper.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srmclient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srmscan.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srmshell.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srmstormod.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srmtrace.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srm_ps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SrpUxNativeSnapIn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srrstr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SrTasks.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srumapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srumsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srvsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\srwmi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sscore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ssdpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ssdpsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sspisrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SSShim.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ssText3d.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sstpsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Startupscan.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\stclient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sti.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StikyNot.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sti_ci.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Storprop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\streamci.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\subst.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\svchost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\svsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\swprv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxproxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxshared.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxssrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxsstore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\sxstrace.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\synceng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncHostps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructure.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\SyncInfrastructureps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Syncreg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\syncui.dll:$CmdTcID

  5. #15
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    Second half of Addition.txt

    AlternateDataStreams: C:\WINDOWS\system32\wshext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wship6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wshirda.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wshnetbs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wshqos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSHTCPIP.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wsmplpxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wsmprovhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wsnmp32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wsock32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSReset.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSSync.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WSTPager.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wtsapi32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFCoinstaller.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFPlatform.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFSvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUDFx02000.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wusa.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WWanHC.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwaninst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\WwanRadioManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XAudio2_8.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xcopy.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XInput1_4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XInput9_1_0.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xmlfilter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xmllite.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xmlprovi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XpsFilt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XpsGdiConverter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XpsPrint.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XpsRasterService.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xpsservices.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\XPSSHHDR.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xpssvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xwizard.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xwizards.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xwreg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xwtpdui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\xwtpw32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\accessibilitycpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\acledit.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\acppage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\activeds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AdmTmpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adrclient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adsldpc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\adtschema.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\advpack.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\amstream.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\apphelp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Apphlpdm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgmts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\appmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ARP.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\at.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AtBroker.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\attrib.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\audiodev.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuditPolicyGPInterop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\authfwcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWGP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWSnapin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthFWWizFwk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\autoconv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\avicap32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\avifil32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\avrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\azroles.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\AzSqlExt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\backgroundTaskHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\batmeter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bcd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BCP47Langs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bdaplgin.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bidispl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BioCredProv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsadmin.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsperf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx3.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx5.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bitsprx7.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bootcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\browseui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\bthudtask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\btpanui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Bubbles.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\BWContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cabinet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cabview.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cacls.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\capiprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\capisp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cca.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cdosys.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certca.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certCredProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certenc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnrollUI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CertPolEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certreq.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\certutil.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cewmdm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgmgr32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cfmifsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\charmap.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\chcp.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CheckNetIsolation.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\chkdsk.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\chkntfs.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\choice.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CHxReadingStringIME.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cic.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cipher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\clb.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\clbcatq.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cleanmgr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cliconfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\clip.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudNotifications.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmcfg32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdial32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdkey.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmdl32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmlua.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmmon32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmpbk32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmstplua.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cmutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cngcredui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cngprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cnvfat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\colbact.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\colorcpl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\colorui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comcat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\compact.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\compstui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ComputerDefaults.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comrepl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comsnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\comuid.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\connect.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ConnectedAccountState.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\console.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\control.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\convert.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CredentialUIBroker.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\credssp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\credui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\credwiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptbase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptdll.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptnet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\crypttpmeksvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptuiwizard.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptxml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cscapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cscdll.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cscobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cscript.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ctfmon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cttune.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\cttunesvr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\C_ISCII.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10core.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10_1core.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8thk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dim700.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dramp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dxof.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dabapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dataclen.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\davhlpr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnetlib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dbnmpntw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dccw.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dciman32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomcnfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dcomp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DDACLSys.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ddodiag.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DDOIProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultDeviceManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\desk.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\deskadp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\deskmon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DevDispItemProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceCenter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingFolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairingWizard.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceProperties.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceUxRes.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\devmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\devobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\devrtl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dfrgui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dfscli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DfsShlEx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcmonitor.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcsvc6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DHCPQEC.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dialer.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\difxapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsjob.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dimsroam.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dinput8.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcomp.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskcopy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskpart.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskperf.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\diskraid.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dispex.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Display.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplaySwitch.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dllhst3g.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmband.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmcompos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdlgs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmdskmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmime.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmintf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmloader.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmocx.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmscript.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmstyle.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmsynth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmusic.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmvdsitf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dmview.ocx:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netjoin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netplwiz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Netplwiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netprofm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netprovisionsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netsh.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NETSTAT.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\netutils.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\networkexplorer.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\networkitemfactory.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\newdev.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ninput.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0011.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data001E.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0404.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NL7Data0804.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nlhtml.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmgp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmproxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nlmsprep.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0000.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0002.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0003.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0007.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0009.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000c.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000d.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData000f.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0010.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0018.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001b.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData001d.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0020.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0021.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0022.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0024.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0026.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0027.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData002a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0039.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData003e.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0045.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0046.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0047.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0049.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004b.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004c.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData004e.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0414.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0416.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0816.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData081a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsData0c1a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Nlsdl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\NlsLexicons0009.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\normaliz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\npmproxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nshhttp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nshipsec.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nsi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\nslookup.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntasn1.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdsapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanman.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntlanui2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntmarta.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntprint.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\objsel.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ocsetapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbc32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcad32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcbcp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccp32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccr32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbccu32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcji32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcjt32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odbctrac.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oddbse32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odexl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odfox32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odpdx32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\odtext32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OEMLicense.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\offfilt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ogldrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\olecli32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oledlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\oleprn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\olesvr32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\olethk32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\onex.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\onexui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OobeFldr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\openfiles.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\opengl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenVideo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\osbaseln.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\osk.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OskSupport.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\osuninst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\OVDecode.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\P2P.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\P2PGraph.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\p2pnetsh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\packager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\panmap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PATHPING.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pautoenr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pcacli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPKsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pdhui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDist.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PeerDistSh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfctrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfdisk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfmon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfnet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfos.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfproc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\perfts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PickerHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pid.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PING.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PkgMgr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pla.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\playlistfolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PlaySndSrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToStatusProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pnrpnsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\polstore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceStatus.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceTypes.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pots.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\powercpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\powrprof.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prevhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\print.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\printui.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prncache.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prnfldr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prnntfy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prntvpt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\profapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\propsys.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\proquota.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\provcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\provsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\provthrd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommonPal.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityRtapiPal.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\prvdmofcomp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\psapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\psisdecd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\psisrndr.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\psr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pstorec.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\QAGENT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qasf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\QCLIPROV.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qdv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qmgrprxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Query.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\QUTIL.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\qwave.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RacEngn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\racpldlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\radardt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\radarrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\raschap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\raschapext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasctrs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdial.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\raserver.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasman.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmontr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasphone.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasplap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasppp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpendp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSa.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaProxy.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaPs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RdpSaUacHelper.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdrleakdiag.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvvmtransport.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\recover.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\reg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\regapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RegCtrl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\regedt32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\regini.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Register-CimProvider.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\regsvr32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rekeywiz.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\relog.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\remotepg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\remotesp.tsp:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\replace.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\resmon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RestoreOptIn.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Ribbons.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\riched20.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\riched32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_isv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RmClient.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rnr20.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\Robocopy.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\ROUTE.EXE:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rpchttp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcNs4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcnsh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcPing.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RpcRtRemote.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rrinstaller.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rshx32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RstrtMgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rtffilt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rtm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rtutils.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\runas.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\rundll32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\runonce.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\samcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sas.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sbeio.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scansetting.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SCardDlg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scecli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scesrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\schedcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scripto.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scrnsave.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scrobj.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scrptadm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\scrrun.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdchange.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiageng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagnhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdiagprv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sdohlp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SecEdit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secinit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_isv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secproc_ssp_isv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\secur32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SensApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsCpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\serialui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\serwvdrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sethc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setup16.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setupapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setupcln.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\setx.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sfc_os.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shdocvw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shfolder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shgina.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shimeng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shimgvw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shlwapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shpafact.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shrpubw.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shsetup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shsvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shunimpl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shutdown.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\shwebsvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\signdrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sisbkup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SkyDriveShell.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\slpts.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SmartScreenSettings.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SMBHelperClass.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVol.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\snmpapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\softkbd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\softpub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\sort.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SortServer2003Compat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows61.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SortWindows6Compat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\spbcd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\spfileq.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\SPInf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\spnet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\SysWOW64\spopk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\Ndu.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\netbios.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\netvsc63.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\nsiproxy.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\pacer.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\qwavedrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasacd.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rassstp.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdpvideominiport.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\refs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\rootmdm.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\scfilter.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\swenum.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\tbs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\TsUsbGD.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\UCX01000.SYS:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbcir.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbus.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmstorfl.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wimmount.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhv.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\wpcfltr.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFPf.sys:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\WUDFRd.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Desktop\aswMBR.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Desktop\FRST64.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Desktop\tumblr_n3ho4gjA091qktgxso1_1280.png:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Desktop\tweaking.com_registry_backup_setup(1).exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Downloads\AdwCleaner.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Downloads\AdwCleaner.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Downloads\camtasia.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Downloads\JRT.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Downloads\JRT.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Downloads\mbam-setup-2.1.6.1022.exe:$CmdZnID
    AlternateDataStreams: C:\Users\Cassy\Downloads\Office_2013_EN.exe:$CmdTcID
    AlternateDataStreams: C:\Users\Cassy\Downloads\spybot-2.4.exe.part:$CmdTcID

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7867 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cassy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "BambooCore"
    HKLM\...\StartupApproved\Run32: => "BCSSync"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "tvncontrol"
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\StartupFolder: => "nnfflllt.lnk"
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_36970D3059E4608AE74B88E09A7E6CB3"
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "nnfflllt"
    HKU\S-1-5-21-3775124505-4180658665-910221950-1001\...\StartupApproved\Run: => "Skype"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [UDP Query User{90C8FD93-8CA0-44CC-BEBB-8F04AA96C654}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{E8E0F5E1-5411-4DAE-BA30-078FB3DB87A7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{1A5BC594-3E42-4FC4-B8F2-3CFE9920339F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [UDP Query User{0B3FA924-0A3B-44B6-847A-1E98AF1A2814}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{3CA0F7EE-055C-4BAA-9F00-FDF2FEE3C917}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{7B6A0852-1125-4998-922F-0DC9887D9D0C}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
    FirewallRules: [{CECD2451-F4CA-4C9C-83B6-A88FDE2D2EC8}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\ibtmp90bb489\component_514
    FirewallRules: [{55BB23C6-F4DF-4B21-8307-E2D75D019D14}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
    FirewallRules: [{48E6E930-E62D-4153-93B0-3BF0079CB0ED}] => (Allow) C:\Users\Cassy\AppData\Local\Temp\pcp_conduit_setup.exe
    FirewallRules: [{181F99B9-A961-48AA-B7D2-E8EF9E2BB89F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{FC3CC8E9-CC9E-4183-9D1E-E83CE53C3140}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{4C4349CA-C49E-4FCF-B6A5-4956ACEBBDAB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{CFAE0B6A-803E-4670-8AAF-71E86BDBDEBE}] => (Allow) LPort=2869
    FirewallRules: [{8DAB111B-0FD6-4599-9914-386375D29197}] => (Allow) LPort=1900
    FirewallRules: [{9E19D17F-F1D5-4489-BD2B-165758D3FD6A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{050976CF-DDF8-4658-A768-A77ED0852D15}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{56950948-101D-4358-A989-CE70D785B52A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B94C1C5A-5EA5-4108-BA72-DF4ED7234084}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{A054E8CC-D6E5-494C-A413-14F7763DF69D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{4FA77159-96F3-4514-BA96-A0E35607ADCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
    FirewallRules: [{99286920-640E-42E2-BB0E-11D2AB26ECE8}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
    FirewallRules: [{82FA0BEF-C6EB-42C4-A024-09228D704C2B}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
    FirewallRules: [{4B1B5B03-7554-458D-919F-770525DEA53D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F078BE23-B1C7-4B98-853C-E5B53B884054}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{74F78ED1-D17C-485C-848C-5C106FA96434}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{08EAFC25-1D2D-433A-BAC0-5C06D12CE23B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{6A8FD5DB-0DFD-428E-8B04-E5802A2A8AC6}] => (Allow) LPort=8317
    FirewallRules: [{E29EBDD2-EEAA-4242-994E-E99307A29EF0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{813DA85A-6EF4-45C8-B2F0-E4EFBF89F053}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{E6346685-FCDC-49B2-9E67-F2C221380C7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
    Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

    Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ASP.NET_4.0.30319aspnet_counters.dll8

    Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ASP.NETaspnet_counters.dll8

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisFileRatingChange" whose target class "CisFileRatingChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisStatusChange" whose target class "CisStatusChange" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisNotification" whose target class "CisNotification" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM FwAlert" whose target class "FwAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM DfAlert" whose target class "DfAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM AvAlert" whose target class "AvAlert" in //./root/cis namespace does not exist. The query will be ignored.

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: Event provider CisWmi attempted to register query "SELECT * FROM CisAlert" whose target class "CisAlert" in //./root/cis namespace does not exist. The query will be ignored.


    System errors:
    =============
    Error: (06/19/2015 00:06:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (06/19/2015 11:17:52 AM) (Source: DCOM) (EventID: 10010) (User: Cassy-PC)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (06/19/2015 11:17:21 AM) (Source: DCOM) (EventID: 10010) (User: Cassy-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (06/19/2015 09:56:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (06/19/2015 09:56:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (06/18/2015 06:23:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/18/2015 06:23:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (06/18/2015 06:23:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The GeekBuddyRSP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (06/18/2015 06:23:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The COMODO Dragon Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/18/2015 06:23:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================
    Error: (06/19/2015 11:19:46 AM) (Source: Perflib) (EventID: 1015) (User: )
    Description: PerfProcC:\WINDOWS\System32\perfproc.dll0

    Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ASP.NET_4.0.30319aspnet_counters.dll8

    Error: (06/19/2015 11:19:23 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: ASP.NETaspnet_counters.dll8

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis

    Error: (06/18/2015 05:57:33 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
    Description: CisWmiSELECT * FROM CisAlertCisAlert//./root/cis


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-19 13:13:59.788
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-19 12:07:43.977
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-19 12:05:42.070
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-19 12:00:20.428
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-19 10:10:08.556
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-19 09:55:16.308
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-18 20:18:30.399
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-18 18:03:48.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-18 17:56:56.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-06-18 17:48:13.572
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 48%
    Total physical RAM: 3689.36 MB
    Available physical RAM: 1902.27 MB
    Total Pagefile: 7401.36 MB
    Available Pagefile: 5016.34 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.82 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:252.89 GB) (Free:167.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:23.02 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AF23A0F5)
    Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

    ==================== End of log ============================

  6. #16
    Member

    After reading through some of the logs I just wanted to add that this laptop is used mostly for school and watching YouTube videos. I don't go to any of those terrible websites and don't understand why I always have so much trouble with this computer! Anyways, thanks so much for your help.

  7. #17
    Emeritus-Security Expert

    I am attaching a FIXLIST file. You need to download it to your desktop, where you now have FRST64, or the fix won't work. Use your mouse to drag FIXLIST right next to FRST64, either above or below it but not right on top of it. After it's downloaded, open up FRST64 and click on FIX (not Scan); it won't take long. After your computer reboots you will find a FIXLOG file on your desktop. Post it please, and let me know how your system is behaving now.

    I have to do this in a few fixes as the file is too large for the forum.

    Here comes one

  8. #18
    Member

    Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
    Ran by Sollux Captor at 2015-06-19 17:01:15 Run:1
    Running from C:\Users\Cassy\Desktop
    Loaded Profiles: Sollux Captor (Available Profiles: Sollux Captor)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint:
    tartup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23]
    ShortcutTarget: nnfflllt.lnk -> C:\Users\Cassy\AppData\Local\nnfflllt.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2015-06-14 13:07 - 2015-06-14 13:07 - 00001220 _____ C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
    2014-07-23 18:22 - 2014-09-14 18:35 - 0196608 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gdb
    2014-07-23 18:22 - 2014-09-14 18:35 - 1092180 _____ () C:\Users\Cassy\AppData\Local\nnfflllt.gss
    AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atlthunk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\attrib.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\auditcse.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuditNativeSnapIn.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\auditpol.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuditPolicyGPInterop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\authfwcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthFWGP.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthFWSnapin.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthFWWizFwk.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AuthHostProxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\autoconv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AutoWorkplaceN.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\avicap32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\avifil32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\avrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AxInstSv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AxInstUI.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\azroles.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\AzSqlExt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\baaupdate.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\backgroundTaskHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\batmeter.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcdboot.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcdprov.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcdsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BCP47Langs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bdaplgin.ax:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bdechangepin.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bderepair.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BdeSysprep.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BdeUISrv.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bidispl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BioCredProv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizard.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BitLockerWizardElev.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsadmin.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsigd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsperf.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx2.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx3.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx4.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx5.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx6.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bitsprx7.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\blackbox.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\blb_ps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bootcfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bootim.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bootsect.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\brdgcfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bridgeunattend.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BrokerLib.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\browseui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bthci.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BthHFSrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BthMtpContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bthpanapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BthpanContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BthSQM.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\bthudtask.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\btpanui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\Bubbles.scr:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BulkOperationHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\BWContextHandler.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cabinet.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cabview.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cacls.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CallButtons.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CallButtons.ProxyStub.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CameraSettingsUIHost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\capiprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\capisp.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\catsrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cca.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cdosys.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certca.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certCredProvider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certenc.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CertEnrollCtrl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CertEnrollUI.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certmgr.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CertPolEng.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certreq.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\certutil.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cewmdm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cfgmgr32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cfmifs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cfmifsproxy.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\change.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\charmap.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chcp.com:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CheckNetIsolation.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chglogon.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chgport.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chgusr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chkdsk.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chkntfs.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\chkwudrv.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\choice.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CHxReadingStringIME.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cic.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cipher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CIRCoInst.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clb.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clbcatq.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cliconfg.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cliconfg.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clip.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CloudNotifications.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmcfg32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmd.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmdext.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmdial32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmdkey.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmdl32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmlua.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmmon32.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmpbk32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmstp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmstplua.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cmutil.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cngcredui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cngprovider.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cnvfat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cofire.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\cofiredm.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\coinst_13.251.9001.1001.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\colbact.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\colorcpl.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\colorui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comcat.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comp.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\compact.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CompMgmtLauncher.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ComputerDefaults.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comrepl.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comsnap.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\comuid.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\conhost.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\connect.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ConnectedAccountState.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID
    AlternateDataStreams: C:\WINDOWS\system32\console.dll:$CmdTcID
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    tartup: C:\Users\Cassy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nnfflllt.lnk [2014-07-23] => Error: No automatic fix found for this entry.
    C:\Users\Cassy\AppData\Local\nnfflllt.exe not found.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    C:\Users\Public\Desktop\Reg Pro Cleaner.lnk => moved successfully.
    C:\Users\Cassy\AppData\Local\nnfflllt.gdb => moved successfully.
    C:\Users\Cassy\AppData\Local\nnfflllt.gss => moved successfully.
    "C:\WINDOWS\system32\chgport.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\chgusr.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\chkdsk.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\chkntfs.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\chkwudrv.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\choice.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CHxReadingStringIME.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ci.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cic.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cipher.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CIRCoInst.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clb.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clbcatq.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cleanmgr.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clfsw32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cliconfg.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cliconfg.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clinfo.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clip.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CloudNotifications.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CloudStorageWizard.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\clusapi.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmcfg32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmd.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmdext.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmdial32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmdkey.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmdl32.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmifw.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmlua.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmmon32.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmpbk32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmstp.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmstplua.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cmutil.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cngcredui.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cngprovider.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cnvfat.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cofire.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\cofiredm.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\coinst_13.251.9001.1001.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\colbact.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\COLORCNV.DLL" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\colorcpl.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\colorui.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\combase.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comcat.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comctl32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comdlg32.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comp.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\compact.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CompMgmtLauncher.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\CompPkgSup.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\compstui.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ComputerDefaults.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comrepl.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comsnap.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comsvcs.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\comuid.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ConfigureExpandedStorage.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\conhost.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\connect.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ConnectedAccountState.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\consent.exe" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\ConsentUX.dll" => ":$CmdTcID" ADS not found.
    "C:\WINDOWS\system32\console.dll" => ":$CmdTcID" ADS not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully.
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully.
    Hosts restored successfully.
    EmptyTemp: => 644 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 17:03:58 ====

  9. #19
    Member
    Join Date
    Nov 2010
    Posts
    63

    Default

    As far as how the computer is running, I am noticing some overall improvement; however, even just opening Firefox takes a good minute or two to successfully open. Loading and opening new tabs also takes a very long time. Haven't really been using it much lately but it seems slightly less glitchy.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    No need to post the logs, here comes two
    Last edited by ken545; 2015-06-19 at 23:56.
