Programs not running

Status
Not open for further replies.
R

rune1990

New member
I've run frst64.exe and saved the two logs but cannot post them as I continuously get 504 gateway time-out nginx errors.

I tried to run aswmbr.exe but it caused my system to reboot.

Any help is appreciated!
 
I'll go ahead and post what I can now, as last time I tried to run aswmbr.exe my laptop restarted :/

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
Ran by (administrator) on (21-04-2017 19:48:01)
Running from C:\Users\R\Downloads
Loaded Profiles: (Available Profiles:)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\UMonit64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Spotify Ltd) C:\Users\R\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(COMODO) D:\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) D:\COMODO\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-11-27] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-31] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2015-03-29] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-03-29] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-11-27] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-09-03] (Safer-Networking Ltd.)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [Spotify Web Helper] => C:\Users\R\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-16] (Spotify Ltd)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{87542c5a-1377-4d5b-85f5-4ac1216a68ae}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{87542c5a-1377-4d5b-85f5-4ac1216a68ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d705a51f-036f-4846-bdc0-4a0dc9115a8a}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default [2017-04-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooh0kfu.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pooh0kfu.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\pooh0kfu.default -> hxxp://www.theloop.ca/
FF Extension: (PrivDog) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\PrivDog@AdTrustMedia.com [2014-06-19] [not signed]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23]
FF Extension: (NoScript) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-22]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\features\{e0535ec3-f466-4a52-a7a0-b75f27473ccb}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\features\{e0535ec3-f466-4a52-a7a0-b75f27473ccb}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-21] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-11-27] (Broadcom Corporation.)
R2 cmdAgent; D:\COMODO\COMODO Internet Security\cmdagent.exe [10508904 2017-04-06] (COMODO)
S3 cmdvirth; D:\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-06] (COMODO)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-04-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-11-27] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-11-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-11-27] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-04-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2017-03-30] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831504 2017-03-30] (COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-03-30] (COMODO)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [129200 2017-03-30] (COMODO)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-31] (NVIDIA Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-21 19:48 - 2017-04-21 19:49 - 00018550 _____ C:\Users\R\Downloads\FRST.txt
2017-04-21 19:47 - 2017-04-21 19:48 - 00000000 ____D C:\FRST
2017-04-21 19:45 - 2017-04-21 19:46 - 05198336 _____ (AVAST Software) C:\Users\R\Downloads\aswMBR.exe
2017-04-21 19:44 - 2017-04-21 19:47 - 02424832 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
2017-04-21 19:43 - 2017-04-21 19:44 - 01766912 _____ (Farbar) C:\Users\R\Downloads\FRST.exe
2017-04-21 19:23 - 2017-04-21 19:23 - 00000893 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2017-04-11 15:07 - 2017-04-11 14:52 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 15:07 - 2017-04-11 14:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 15:07 - 2017-04-11 14:50 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 15:06 - 2017-04-11 14:52 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 15:06 - 2017-04-11 14:51 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 14:59 - 2017-04-11 14:51 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-11 14:59 - 2017-04-11 14:51 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 14:59 - 2017-04-11 14:50 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 14:59 - 2017-04-11 14:50 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 14:58 - 2017-04-11 14:51 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-11 14:58 - 2017-04-11 14:51 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 14:58 - 2017-04-11 14:51 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 14:58 - 2017-04-11 14:51 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 14:57 - 2017-04-11 14:51 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 14:57 - 2017-04-11 14:51 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-11 14:57 - 2017-04-11 14:51 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 14:57 - 2017-04-11 14:51 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 14:57 - 2017-04-11 14:50 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 14:56 - 2017-04-11 14:52 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 14:56 - 2017-04-11 14:52 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 14:56 - 2017-04-11 14:51 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-11 14:56 - 2017-04-11 14:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 14:56 - 2017-04-11 14:50 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 14:56 - 2017-04-11 14:50 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 14:56 - 2017-04-11 14:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 10:34 - 2017-04-11 10:34 - 00000000 ____D C:\Users\R\AppData\Roaming\Twitch
2017-04-11 10:34 - 2017-04-11 10:34 - 00000000 ____D C:\ProgramData\Twitch
2017-04-11 10:33 - 2017-04-11 10:33 - 00001043 _____ C:\Users\R\Desktop\Twitch.lnk
2017-04-11 10:33 - 2017-04-11 10:33 - 00001029 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-04-06 17:03 - 2017-04-06 17:03 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-04-06 17:03 - 2017-04-05 01:58 - 00230592 _____ (COMODO) C:\WINDOWS\system32\cmdshim64.dll
2017-04-06 17:03 - 2017-04-05 01:56 - 00194752 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdshim32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-21 19:33 - 2016-12-10 20:53 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
2017-04-21 19:20 - 2016-07-16 02:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-04-21 19:20 - 2015-11-27 15:12 - 01419262 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-21 19:18 - 2013-08-18 20:39 - 00000074 _____ C:\Users\R\AppData\Roaming\sp_data.sys
2017-04-21 19:16 - 2016-09-25 04:10 - 00000000 ____D C:\Users\R
2017-04-21 19:15 - 2016-11-18 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-21 19:15 - 2016-09-25 04:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-21 19:15 - 2016-09-25 04:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-21 19:15 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-21 19:15 - 2013-08-18 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-21 19:14 - 2017-02-12 08:35 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
2017-04-21 18:47 - 2016-09-25 04:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-21 18:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-21 18:22 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-21 12:12 - 2016-05-06 12:33 - 00001810 _____ C:\Users\R\Desktop\Band Emails.txt
2017-04-21 12:00 - 2016-09-25 04:31 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-04-21 12:00 - 2016-09-25 04:31 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-04-21 11:51 - 2016-05-06 12:27 - 00004078 _____ C:\Users\R\Desktop\HotR Invite.txt
2017-04-21 05:39 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-20 23:49 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-20 23:49 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-20 12:00 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-19 17:03 - 2013-08-19 11:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-19 13:45 - 2016-09-25 04:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-04-19 13:44 - 2016-09-25 04:02 - 00203184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-19 13:44 - 2015-11-09 11:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-19 13:44 - 2015-11-09 11:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-19 13:41 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-19 13:35 - 2014-08-25 15:12 - 00000000 ____D C:\Users\R\AppData\Local\Battle.net
2017-04-17 21:34 - 2015-08-27 23:29 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-04-17 16:46 - 2014-08-25 15:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-16 19:57 - 2016-09-25 04:31 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-16 19:57 - 2016-09-25 04:31 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 17:29 - 2013-08-19 03:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 17:27 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-11 17:27 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 17:27 - 2015-11-09 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-11 17:27 - 2013-08-19 03:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 14:52 - 2016-09-25 04:05 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-08 12:52 - 2013-12-16 11:26 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-05 02:01 - 2013-09-24 11:53 - 00732368 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-04-05 02:01 - 2013-09-24 11:53 - 00051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-04-05 02:00 - 2013-09-24 11:53 - 00941768 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2017-04-05 01:58 - 2013-09-24 11:53 - 00457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-04-05 01:56 - 2013-09-24 11:53 - 00363200 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-03-30 21:01 - 2015-08-10 09:37 - 00129200 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2017-03-30 21:01 - 2013-09-24 11:54 - 00831504 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2017-03-30 21:01 - 2013-09-24 11:54 - 00050808 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2017-03-30 21:01 - 2013-09-24 11:54 - 00040960 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys

==================== Files in the root of some directories =======

2013-08-18 20:39 - 2017-04-21 19:18 - 0000074 _____ () C:\Users\R\AppData\Roaming\sp_data.sys
2014-04-29 10:23 - 2014-04-29 10:23 - 0007605 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-15 07:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by Rachel (21-04-2017 19:49:28)
Running from C:\Users\R\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-25 08:35:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4290041746-2185032213-3448383080-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4290041746-2185032213-3448383080-503 - Limited - Disabled)
Guest (S-1-5-21-4290041746-2185032213-3448383080-501 - Limited - Disabled)
Rachel (S-1-5-21-4290041746-2185032213-3448383080-1002 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.020 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.48 - Broadcom Corporation)
COMODO Firewall (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad 11.5.19.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.19.2 - ELAN Microelectronic Corp.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
Uninstall Bagpipe Player (HKLM-x32\...\{B5A91531-508A-4B14-B521-3105E19F3605}_is1) (Version: 1.1 - MightyCoder)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6200 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4290041746-2185032213-3448383080-1002_Classes\CLSID\{69785b76-2246-4c03-abaf-d3fae2c5e949}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A07F30D-8503-481C-A791-E031D107468F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {2455DBBF-ED69-4087-B8D8-394D40D08EA6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2B721FBB-CFBB-4B30-9572-02B82971F78E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {392F69A5-C1CE-43C0-A982-FF48ECE1B4F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3ACF1A86-DF74-406B-838E-00B50625B40E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-05-23] ()
Task: {3BFEEA60-6B74-4E48-BC13-A31EB0D8736C} - System32\Tasks\{AF2C40CE-6D9E-42D4-848E-D9E0F66064A5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1601
Task: {4051401D-F378-4D18-BDF4-3F38358CD55C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4637AAF9-190B-48E2-8132-440521743036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {48FF4FAE-A084-40A5-94CA-906DEB8E9025} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4CEE4888-8D15-4C26-B265-C6F4DC2AE6A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {55682CEF-4C35-4245-B624-2D3173C749B3} - System32\Tasks\{1FA960EA-3479-414B-B6DE-644960E60917} => pcalua.exe -a "C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\unins000.exe"
Task: {5B7A3092-FF23-4953-A79A-FA4B5B2E1BFE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {5F22BBAD-8FD8-42FE-AE9A-36AA6766510C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {612405E3-AC78-4EAE-BC0B-85198BB26E8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {65FC01E9-8597-4247-A241-04A4926FA085} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-05-23] (ASUSTeK Computer Inc.)
Task: {69BE304B-5D96-40ED-9455-E048599B0EA8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {79CB47C9-F697-4C92-93B0-7E4D05B2D826} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {86EDD3F5-6C7E-4A3D-A626-6B63A1842525} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {90BA0751-0E8B-47AB-8D0C-1382229D6E3A} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {A8A2D02D-661C-4222-9E9B-B42B43AB2D9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {A931B331-59F4-46E7-8628-18703B96658D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4897E97-7A18-4F7A-A872-2ABDF4E5F601} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {C06A7805-F598-4EB2-9C4F-C81524A9962D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C8C21B76-1D30-45F6-8CBA-E86CDD98C3E6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CD5F0113-2871-44D3-A176-52D36E968E44} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {CED8382A-C1BF-4B92-95A8-B4CF14A25EE4} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-05-23] (ASUSTeK Computer Inc.)
Task: {D0E12DC2-0B2A-4BF3-9753-25CEA1633802} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {D12BE019-EC52-4B8D-B351-9C9448D9ABCE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D19628FD-D4DB-4DE1-A272-61BA17DDD2DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {D4D68587-13B1-499D-BED2-668EBB9821C1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {E125D730-53BE-4787-A39D-5595E22E2AF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {EC95F996-3FCB-4136-9AEC-C7A178E82716} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EDA51093-6D1E-4C03-B9E8-045910F80190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFDFBAFB-9819-4D51-BA1E-A06E6B00A901} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {F684D0E3-8D02-44D0-A31A-8D9E3CC6398E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FF0BD328-D043-417A-B2C1-E7CA96FF5A55} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {FF8054B2-CD14-4C79-B2E1-A3037D1C37E4} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 04:06 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-15 17:51 - 2016-10-15 17:51 - 00959168 _____ () C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-03-29 13:56 - 2015-03-29 13:56 - 00721263 _____ () C:\WINDOWS\SysWOW64\AiCM64.dll
2017-04-07 23:14 - 2017-04-07 23:15 - 02151632 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-04-07 23:14 - 2017-04-07 23:15 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-09-25 07:57 - 2016-09-25 07:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 05:28 - 2017-03-15 05:28 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-05-31 10:51 - 2013-03-14 05:46 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-05-31 10:56 - 2011-09-19 13:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2017-04-10 15:34 - 2017-04-10 15:36 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 15:34 - 2017-04-10 15:36 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 15:34 - 2017-04-10 15:36 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 15:34 - 2017-04-10 15:36 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-06 17:03 - 2017-04-05 01:58 - 00156352 _____ () D:\COMODO\COMODO Internet Security\cmdwrhlp.dll
2017-04-06 17:03 - 2017-04-05 01:57 - 00244928 _____ () D:\COMODO\COMODO Internet Security\cmdcomps.dll
2017-04-06 17:03 - 2017-04-05 01:57 - 00107200 _____ () D:\COMODO\COMODO Internet Security\cavwpps.dll
2015-11-27 15:35 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-27 15:35 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-27 15:35 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-27 15:35 - 2015-11-27 15:35 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-30 19:28 - 2015-08-26 20:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-15 17:51 - 2016-10-15 17:51 - 00679624 _____ () C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNC280C.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280I.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280O.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI10A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL280.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMIUAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280U.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNHMCA.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Cybex Flat Olympic.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\funny-pictures-auto-799230.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\gordon tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Gordon_anicent_family_tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Help! weight chart.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\MyHomeHills.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Step Reebok_ The Video 1992 - YouTube [360p].webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AtLongLast-MPB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450.avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bgreader.hlp:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\R\Desktop\world-of-warcraft-pet-battles-chart-small.png
DNS Servers: 156.154.70.22 - 156.154.71.22
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DAF86EEC-DC32-49F1-B72F-0F0B25755178}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{DA00E8C5-7536-4D02-9E53-6CD721A5F079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CCE9D1AC-F7D9-4FBD-A114-55A9D3250E1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{7D3B035E-27DD-44E9-91FD-459FC0504BC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{6A9EF8EB-9BA1-40C1-9948-8493E9FD0B29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{B25D7AFC-96F7-48E5-B4F4-F9FDF11022D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{738D9911-5EE2-46D3-9021-1F874CE6B405}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{FB10D483-1177-42FC-98D7-BFAE8D992B62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [UDP Query User{1D640E6C-0E21-4C0A-B5EE-8E2A32330133}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [TCP Query User{EE8598BA-2016-407B-B17A-52B8A882B608}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{1559F9AD-C1AC-4C92-8017-BD6329D44A69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{AFFB6FB7-A491-4EED-BC6C-FED0A4EFC38A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4285BAB9-BAD4-4A66-B9DD-B6187ADA8164}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{B231E169-920E-4FE1-8B93-2F6C5BB5CD86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{80C21481-21EB-47B3-86F8-1487C3DCBD8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{51653131-B5C8-46FB-8D54-BA7A63FDD98B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{FCC88CF7-0464-415D-9905-2A43C702C9D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{2D0F644E-AE94-4860-80DE-4F1D41BEAE68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{A155F463-1657-49E9-B96C-AFEB5E77037D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F6AC657F-9F7A-4C34-819A-466755D28A9C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E08C254C-AC63-47FB-BE99-315A15C75205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{1DF313BA-239F-41F3-99FB-AEF2AD9657A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B0FE817E-5D21-45AB-9EFE-07099F38FB67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1E0AC280-01F2-4505-80A4-CFBAC9C5F30B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{ECED5E46-C70C-4DFE-9B80-D8BD8C603C51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{80D5E629-DF16-4AF0-AFFB-EAA2E1459ADC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{49C89FC9-83A7-4474-AABF-368D930D395D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{EBEE128D-9529-40CB-AB0E-C4E0C728915B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{0EC2E3FC-B25F-47A5-9A47-D0D18F8C4F9F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{822BE676-81E2-4927-B3AF-26B15A6A3746}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{1781CA52-A6CE-42EA-9A4F-171A425AF061}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{2398F7C6-4E41-42F5-A6F2-221E6DA01D25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8A52B6E3-55B4-4273-944C-F0CE22407FC5}] => (Allow) LPort=1900
FirewallRules: [{777E581E-C36F-41BE-AAC6-0237D6BE555F}] => (Allow) LPort=2869
FirewallRules: [{A63C26C7-CAE3-475C-A4C1-D8ACDD4B4A09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9D7813C4-3DE0-4D4F-BFA5-385DA133909F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{EF84013E-846E-4897-BA0F-5A182D2924E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{ED0D6975-A6A4-4816-9127-17287808AF06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{5A383381-CF20-4C80-BB6A-C134BC9FA5A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{0BB5CF19-872E-4024-BBA0-531D044BBACE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{6BFC361A-47E7-4363-8DF2-AA2CC1F57852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{2794A85D-9529-43C5-B026-1E62EA511F6E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{0FC01CFD-BE3E-45C4-81DF-43D959BF9B21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{756BBABF-A918-4D92-B09E-F633030033B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{02A5521B-BC56-48CD-B302-0471D52AE159}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{53292DC4-83F6-41FE-A3B7-5175D926DFFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F8ADD1F-7717-4EDA-BCF1-00EC5DB49601}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4CAA38EB-9EC0-4CDE-BBD4-C35B295FFE03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{46B3F78E-875B-4BD8-9260-AC8D14BB6914}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B44C9A83-EB3D-4AF5-98B6-A664F7D4FD1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{362DC7E1-E4FD-4AA7-B325-6F486F771858}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB3810BF-116F-42B0-BAC5-C8467074A256}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D19D3CE-A4B6-4C77-8BC6-C9D1169F35AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{020ECBA5-7B60-4B53-B75C-EA0451BC8516}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B5B287E4-0B76-4F74-B7BB-16AA0DC3D8A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3296E038-53F6-4EA1-B58B-66B5681B9C6C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6C79FC6-25D8-4478-A545-2AC9A0AE28C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{924A1E9E-385E-4FBD-AC25-498F195158EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A8A15F83-829C-4CF7-87B8-EF4222B0566C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{477BB437-77C7-47B4-AA9C-AF8EECA226E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6CF30ACB-47C2-4156-AA57-3828A4BD7117}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6A5875F-A233-425C-A2D3-D97F7F9D1D65}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF0FD29A-F6F3-4C24-9A34-7034B54FA360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{0806B723-2B12-43E7-AF53-DB70465FE09A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D3FC2E54-E65C-42CC-86A3-0E583C361757}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F6EA66F-D1C2-4B31-83F7-EB48C06864D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{68F93BE6-96D7-4620-A65F-7B8FD6211AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FD953568-93D8-4E86-95E8-25A83BA7BEC9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{9CB068DF-6356-430B-B9FE-B6F0AFD554F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{C6921B3D-4756-48E4-9609-AA8591ED6F5D}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{FB710C23-1262-4635-98DF-231423C1F0BE}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{A2921A59-F005-4AD4-BE61-579E068F837E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{7A9D98A9-DC21-4A13-BA9E-E8039403777B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{931165D4-D889-471F-8302-A4ED81A3B719}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{90D26312-1DCC-4BAA-8B8D-FAFFA26956A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{3E76B074-A1FB-4983-A84E-3BAF2FA44C89}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F590A0A2-19D0-46CD-9FA0-48C3CFBEFAD0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{22AFB1A4-46B7-4280-98BC-103B83EB02CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C55751FB-5505-45E4-B58F-D45F6FEAEC63}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A139353A-3A2C-4B53-A090-659880DBF722}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E2AA0C8D-327D-4EB9-BDBF-D03025D25736}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5029CE16-7CAA-4D89-8289-4DE47EF03947}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7BDCF36A-7615-46FB-800A-DE28C77BF2F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C5C9D50E-68AA-455F-A623-E7FD9A983711}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{26741B71-2FF7-4633-92C1-0A90B6F303E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{315E0B2F-69F5-4C42-8C0E-0C202713CC8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{444903BD-3222-40CF-8048-1402E90756F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E01E7475-FD71-4AA5-A9B9-2A4AFEDA9344}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{92992282-4FEC-4951-B6E1-281611FDA7AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{8AE3716F-46D9-4811-A03C-C5104808C4C7}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{1FD11C06-B402-4FEA-BEA6-21B2F7F9D17E}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [{3E8D7EFB-7C51-4E69-B014-9A666C99A2F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A9CA762-E078-4027-93BD-74161089E5EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A8F2E17-44D6-47E9-A18C-E604D3E1F1CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{3F64670E-D00D-43E1-80AE-FDE4F7874B0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5B16814B-1B12-4C4C-B438-226BDAB77DA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{73132F0A-F1DE-4D05-8D35-F5FE6549BE23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{63BEB40F-1FEA-4091-9F9D-40F4668B1F1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E3C3ACF0-9453-4BBF-A90C-546A0A826D1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{521887E9-0244-4F25-9440-3B8FB673B18A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{15D787F6-729E-4D9F-81E3-23353CB24F42}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{400A4682-EB9D-452E-A550-78AD13EFD1F0}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{03CF497B-EB50-4435-8A6D-EA1E78E6913C}C:\users\r\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4EFA24CE-C7D7-4329-9BC9-6CC86B2D565A}C:\users\r\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CD3D9AC-9571-4B70-9AA3-CD489581CD9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF67E6-644B-411B-871A-4CB82925F89B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

31-03-2017 12:16:26 Scheduled Checkpoint
09-04-2017 07:37:02 Scheduled Checkpoint
18-04-2017 18:03:19 Scheduled Checkpoint
21-04-2017 18:22:31 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2017 07:20:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: momlaptop)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (04/21/2017 06:22:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/21/2017 03:57:26 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (04/21/2017 07:32:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:19:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:17:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/21/2017 07:17:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:17:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:17:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:17:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:17:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/21/2017 07:14:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2017 05:03:51 PM) (Source: DCOM) (EventID: 10016) (User: momlaptop)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user momlaptop\Rachel SID (S-1-5-21-4290041746-2185032213-3448383080-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-04-21 19:21:06.576
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:21:05.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:20:50.945
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:20:05.876
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:20:04.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:20:04.620
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:16:43.739
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:16:41.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-21 19:16:14.995
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-19 13:50:11.845
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 13%
Total physical RAM: 16301.49 MB
Available physical RAM: 14085.62 MB
Total Virtual: 18733.49 MB
Available Virtual: 16416.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:272.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.75 GB) (Free:414.09 GB) NTFS
Drive e: (Data2) (Fixed) (Total:465.76 GB) (Free:464.9 GB) NTFS
Drive f: (DATA) (Fixed) (Total:537.6 GB) (Free:536.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B477960E)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 115DA0F7)

Partition: GPT.

==================== End of Addition.txt ============================
 
uninstall PrivDog

Open up the Control Panel. You can do this by going to Start Menu > Control Panel. If you are running Windows 8/8.1 and cannot find the Control Panel, search "Control Panel" in the search and select it.
Once the Control Panel has opened, select the "Uninstall a program"
locate PrivDog in this list to uninstall it.
Once you have located PrivDog in the list of programs installed on your system, either: right click > Uninstall, select it and click the Uninstall button at the top bar or double click the item in the Control Panel. You may get a message saying "Do you want to uninstall PrivDog?" - select Yes. This will launch the uninstall window.



Running from C:\Users\R\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method Press the windows key
Windows_Logo_key.gif
+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

15wKX7o.jpg


start
CreateRestorePoint:
CloseProcesses:
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
FF Extension: (PrivDog) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\PrivDog@AdTrustMedia.com [2014-06-19] [not signed]
Task: {2455DBBF-ED69-4087-B8D8-394D40D08EA6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2B721FBB-CFBB-4B30-9572-02B82971F78E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {392F69A5-C1CE-43C0-A982-FF48ECE1B4F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48FF4FAE-A084-40A5-94CA-906DEB8E9025} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4CEE4888-8D15-4C26-B265-C6F4DC2AE6A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86EDD3F5-6C7E-4A3D-A626-6B63A1842525} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A931B331-59F4-46E7-8628-18703B96658D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D12BE019-EC52-4B8D-B351-9C9448D9ABCE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EC95F996-3FCB-4136-9AEC-C7A178E82716} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EDA51093-6D1E-4C03-B9E8-045910F80190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F684D0E3-8D02-44D0-A31A-8D9E3CC6398E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNC280C.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280I.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280O.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI10A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL280.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMIUAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280U.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNHMCA.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Cybex Flat Olympic.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\funny-pictures-auto-799230.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\gordon tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Gordon_anicent_family_tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Help! weight chart.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\MyHomeHills.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Step Reebok_ The Video 1992 - YouTube [360p].webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AtLongLast-MPB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450.avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bgreader.hlp:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdZnID [26]
EmptyTemp:
Hosts:
End
Click to expand...

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~

BY4dvz9.png
AdwCleaner
  • Please download AdwCleaner and save the file to your Desktop.
    In order to use AdwCleaner, you have to agree the Eula:
  • Right-click AdwCleaner.exe and select
    AVOiBNU.jpg
    Run as administrator to run the programme.
  • Follow the prompts.
  • Click
    A49sxPr.png
    Scan.
  • Upon completion, click
    6cyn5v5.png
    Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click
    MqHawIb.png
    Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Here

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
    MBAM3_zpsw0f8rn9n.jpg

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Please paste the log back into this thread for review

  • Exit Malwarebytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
Malwarebytes log
JRT.txt
 
I have run all the fixes and have the logs saved but once again I cannot post them due to 504 gateway time-out errors.

I will keep trying, at one point hopefully my internet will cooperate!
 
Not sure whats causing the errors. can you attempt to temporarily disable Comodo and try again?
Which browser are you using to reply with?
Have you tried to attach the files?

~~

clearing your web browsers saved webpage
http://www.pcmag.com/article2/0,2817,2480401,00.asp



https://technet.microsoft.com/en-us/library/cc816827(v=ws.10).aspx?f=255&MSPPError=-2147217396
flush and reset a client resolver cache
Open a command prompt. To open an elevated Command Prompt window, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
At a command prompt, type the following command, and then press ENTER:
ipconfig /flushdns space between g and /
 
Are you behind or using a router?
If so

Turn the router off, by switch or unplugging from a wall outlet.
Leave it off for a couple of minutes.

Turn off your computer.
Plug the router back in , or turn the switch back on.
Turn the computer back on and see if it allows your to maneuver the internet now.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by Rachel (22-04-2017 09:38:27) Run:1
Running from C:\Users\R\Desktop
Loaded Profiles: Rachel (Available Profiles: Rachel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\PROGRA~3\AIMERS~1\VIDEOC~1\WSBROW~1.DLL => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
FF Extension: (PrivDog) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\PrivDog@AdTrustMedia.com [2014-06-19] [not signed]
Task: {2455DBBF-ED69-4087-B8D8-394D40D08EA6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2B721FBB-CFBB-4B30-9572-02B82971F78E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {392F69A5-C1CE-43C0-A982-FF48ECE1B4F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48FF4FAE-A084-40A5-94CA-906DEB8E9025} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4CEE4888-8D15-4C26-B265-C6F4DC2AE6A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {86EDD3F5-6C7E-4A3D-A626-6B63A1842525} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A931B331-59F4-46E7-8628-18703B96658D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D12BE019-EC52-4B8D-B351-9C9448D9ABCE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EC95F996-3FCB-4136-9AEC-C7A178E82716} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EDA51093-6D1E-4C03-B9E8-045910F80190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F684D0E3-8D02-44D0-A31A-8D9E3CC6398E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNC280C.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280I.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280O.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI10A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL280.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMIUAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280U.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNHMCA.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Cybex Flat Olympic.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\funny-pictures-auto-799230.jpeg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\gordon tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Gordon_anicent_family_tartan.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Help! weight chart.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\MyHomeHills.gif:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Step Reebok_ The Video 1992 - YouTube [360p].webm:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\AtLongLast-MPB.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450.avery:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bgreader.hlp:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\SpotifySetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdZnID [26]
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} => key removed successfully
HKCR\Wow6432Node\CLSID\{D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKCR\PROTOCOLS\Handler\WSAMVCUchrome => key not found.
C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\PrivDog@AdTrustMedia.com => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2455DBBF-ED69-4087-B8D8-394D40D08EA6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2455DBBF-ED69-4087-B8D8-394D40D08EA6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B721FBB-CFBB-4B30-9572-02B82971F78E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B721FBB-CFBB-4B30-9572-02B82971F78E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{392F69A5-C1CE-43C0-A982-FF48ECE1B4F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{392F69A5-C1CE-43C0-A982-FF48ECE1B4F3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48FF4FAE-A084-40A5-94CA-906DEB8E9025} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48FF4FAE-A084-40A5-94CA-906DEB8E9025} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4CEE4888-8D15-4C26-B265-C6F4DC2AE6A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEE4888-8D15-4C26-B265-C6F4DC2AE6A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86EDD3F5-6C7E-4A3D-A626-6B63A1842525} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86EDD3F5-6C7E-4A3D-A626-6B63A1842525} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A931B331-59F4-46E7-8628-18703B96658D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A931B331-59F4-46E7-8628-18703B96658D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D12BE019-EC52-4B8D-B351-9C9448D9ABCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D12BE019-EC52-4B8D-B351-9C9448D9ABCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC95F996-3FCB-4136-9AEC-C7A178E82716} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC95F996-3FCB-4136-9AEC-C7A178E82716} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDA51093-6D1E-4C03-B9E8-045910F80190} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDA51093-6D1E-4C03-B9E8-045910F80190} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F684D0E3-8D02-44D0-A31A-8D9E3CC6398E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F684D0E3-8D02-44D0-A31A-8D9E3CC6398E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
C:\WINDOWS\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\HelpPane.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\regedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\splwow64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aadcloudap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aadtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AboveLockAppHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\accountaccessor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AccountsRt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\acmigration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActionCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ActiveSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aeinv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aepic.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\aitstatic.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppContracts.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\appinfo.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ApplicationFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\appraiser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppReadiness.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\apprepapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\apprepsync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXApplicabilityBlob.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppXDeploymentServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AppxPackaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\asycfilt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\atmfd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\atmlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AudioSrvPolicyManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AuthBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AuthHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\authui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\AzureSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\basecsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcdedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdesvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdeui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bdeunlock.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bisrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BitLockerDeviceEncryption.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BluetoothApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BluetoothDesktopHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BootMenuUX.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\bootux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\browserbroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BrowserSettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\BthRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CameraCaptureUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CastLaunch.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpreference.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cdpusersvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CellularAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cemapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\certprop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CfgSPCellular.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Chakra.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ci.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudExperienceHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudExperienceHostBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudExperienceHostCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudExperienceHostUser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cmintegrator.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNC280C.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNC280I.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNC280L.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNC280O.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNHI10A.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNHL280.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNHMCA6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNHMCAN.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNMIUAA.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CNMLMAA.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\combase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CompatTelRunner.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CompPkgSup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CoreMessaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CoreUIComponents.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\credprovhost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\crypt32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CryptoWinRT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\CspCellularSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d2d1.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\D3DCompiler_47.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dab.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dafBth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dafpos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DafPrintProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DataSenseHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DavSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dcntel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DdcWnsListener.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ddrawex.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\deviceaccess.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceCensus.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceDirectoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceEnroller.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceFlows.DataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DevicePairing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DevicePairingFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DeviceReactivation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\devinv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dfp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DfpCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\diagtrack.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dialclient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dialserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\discan.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Display.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DisplayManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dlnashext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dmcertinst.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DMRServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dnsrslvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dosvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dpapisrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dsregcmd.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DuCsps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dui70.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\DXP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\dxtrans.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EAMProgressHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\easwrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\edgehtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditionUpgradeHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EditionUpgradeManagerObj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EDPCleanup.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\efswrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EmailApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EncDec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\energy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\enrollmentapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseAPNCsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\enterprisecsps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ErrorDetails.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ExSMime.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\facecredentialprovider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Family.Authentication.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Family.Client.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Family.SyncEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ffbroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhcfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fhcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FlightSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\flvprophandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FntCache.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fontdrvhost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FontProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FrameServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveapibase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fvecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fvenotify.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fveui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\fvewiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GamePanel.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GamePanelExternalHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gdi32full.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\generaltel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\gpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\HttpsDataSource.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvax64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvix64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvloader.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\hvloader.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icfupgd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\icsvcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IdCtrls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ie4uinit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ieapfltr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iedkcs32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ieframe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iepeers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ieproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iertutil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\imapi2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\imapi2fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\inetcpl.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InstallAgent.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\InstallAgentUserBroker.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\internetmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\invagent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iphlpsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ipnathlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iprtrmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\jscript9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LicenseManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ListSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\localspl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LocationFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LogonController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lpremove.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\LsaIso.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lsasrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\lsm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\main.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\manage-bde.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MapsStore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MbaeApiPublic.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mbsmsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MCCSEngineShared.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MCRecvSrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MDMAppInstaller.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfasfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFCaptureEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFMediaEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfmjpegdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfmp4srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfmpeg2srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\microsoft-windows-system-events.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MiracastReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mispace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mmc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MMDevAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\modernexecserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\moshost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\moshostcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MPSSVC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MRT.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSAudDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mscandui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msctfui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtctm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msfeeds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mshtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mshtmled.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSPhotography.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssitlb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssph.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssphtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssrch.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mssvp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mstsc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msutb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVideoDSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msxml3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MultiDigiMon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\musdialoghandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MusNotification.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MusNotificationUx.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\MusUpdateHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NaturalLanguage6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ncsi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netiohlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netplwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetSetupApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetSetupEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetSetupShim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetSetupSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nettrace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkDesktopSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkMobileSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NetworkUXBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NfcRadioMedia.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NgcCtnr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NgcCtnrGidsHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NgcCtnrSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ngcsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nlasvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nltest.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NotificationController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvaudcap64v.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispco6431141.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispco6435582.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispco6435598.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispco6435850.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispgenco6431141.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispgenco6435582.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispgenco6435598.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\nvdispgenco6435850.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\odbcconf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ole32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\oleacc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\oleaut32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\OnDemandConnRouteHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\OneBackupHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pcasvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PCPTpm12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PhotoScreensaver.scr => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PimIndexMaintenance.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Pimstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PlayToManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PlayToReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pnidui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PrintDialogs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PrintDialogs3D.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PrintRenderAPIHost.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PrintWSDAHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\profsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\provops.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ProvSysprep.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\PsmServiceExtHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\psmsrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\puiobj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\qedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\qmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\quartz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RADCUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rascustom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasgcw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rasmans.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdpcorets.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdpencom.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RdpRelayTransport.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rdpudd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RDXService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RDXTaskFactory.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ReAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RelPost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ReportingCSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\reseteng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ResetEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\resutils.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RjvMDMConfig.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RMapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\rshx32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RTMediaFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sbe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\scksp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdengin2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdnclean64.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sdshext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchFilterHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchIndexer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SecConfig.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Sens.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SensorDataService.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SensorsApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SensorService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\services.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_Flights.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_nt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SharedStartModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ShareHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SHCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shdocvw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shell32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\shutdownux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\skci.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\smartscreen.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SpaceAgent.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SpaceControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\spaceman.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SpeechPal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\spoolsv.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppnp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppobjs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppsvc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sppwinob.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\storagewmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\StoreAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\StorSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\StructuredQuery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\sud.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SyncCenter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SyncSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\systemreset.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettings.Handlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsAdminFlows.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Tabbtn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tabcal.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TabletPC.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\taskbarcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tbauth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\thumbcache.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\timedate.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TokenBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TokenBrokerCookies.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TokenBrokerUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TpmTasks.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tquery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\TSWorkspace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinapi.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\twinui.pcshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\tzautoupdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ubpm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\uDWM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIRibbon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UIRibbonRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\umpoext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\unimdm.tsp => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Unistore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\updatehandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\updatepolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\uReFS.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\urlmon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usbmon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserDataService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserDataTimeUtil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserDeviceRegistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserLanguagesCpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usermgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UserMgrProxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usoapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\usocore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\UtcResources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vaultcli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vbscript.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vds.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VEStoreEventHandlers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vmrdvcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vpnike.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VPNv2CSP.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vssapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\VSSVC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\vss_ps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wbengine.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wcmsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wcnwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wc_storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WebcamUi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\webcheck.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\werconcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\werui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wevtsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wifinetworkmanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wifitask.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\win32kbase.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\win32kfull.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\win32spl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.AccountsControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Cortana.Desktop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Cortana.OneCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Data.Pdf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Lights.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.LowLevel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Midi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Perception.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Picker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.PointOfService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Printers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Radios.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Scanners.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Sensors.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.SmartCards.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.Usb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.WiFi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Energy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Gaming.Input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Graphics.Printing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Internal.Management.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Audio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Devices.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Editing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Import.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.MediaControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Ocr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Speech.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Media.Streaming.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.Connectivity.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Networking.Vpn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Perception.Stub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.StateRepositoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\windows.storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Storage.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.System.SystemManagement.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Cred.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Shell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.Diagnostics.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winload.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winresume.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinRtTracing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinSetupUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winspool.drv => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\winsrv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wkssvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WlanMediaManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlansec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlansvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlanui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlidprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wlidsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WMVDECOD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFolders.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkfoldersControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFoldersGPExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WorkFoldersShell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\workfolderssvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpAXHolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Wpc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcMon.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcRefreshTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcTok.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpncore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpninprc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpnprv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wpx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscsvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WSManMigrationPlugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WsmWmiPl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wu.upgrade.ps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuaueng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wups.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wuuhext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WwaApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WWAHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanconn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwanmm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\wwansvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblAuthManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblAuthManagerProxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XblGameSaveExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XboxNetApiSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\XInputUap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\aadtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AboveLockAppHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\accountaccessor.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActionCenterCPL.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActivationManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\actxprxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\aepic.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AiCM32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AiCM64.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\apds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppCapture.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppContracts.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppointmentActivation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppointmentApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\apprepapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\apprepsync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\appwiz.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AppxPackaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\asycfilt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\atmfd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\atmlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AudioSes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AuthBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AuthExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\authui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\autoplay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\azroleui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\basecsp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcastdvr.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BcastDVRHelper.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\bcrypt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BingMaps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\biwinrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BluetoothApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\BrowserSettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CameraCaptureUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cdp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cemapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CertEnroll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Chakra.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Chakradiag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\chartv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ChatApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ClipboardServer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudBackupSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CloudStorageWizard.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\clusapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cmifw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CNC280L.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CNC280U.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CNHMCA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\combase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comctl32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comdlg32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CompPkgSup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\comsvcs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ContactApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CoreMessaging.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CoreUIComponents.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CPFilters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CredProvDataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovhost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\credprovslegacy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\crypt32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\cryptngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\CryptoWinRT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d10warp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d11.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d8.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3d9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\D3DCompiler_47.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\d3dx9_34.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DafPrintProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DataExchange.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DavSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\daxexec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dbgeng.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ddraw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ddrawex.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\devenum.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\deviceaccess.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DevicePairing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dhcpcore6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dialclient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DisplayManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dlnashext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dmenrollengine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dnsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DolbyDecMFT.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\drvstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dsreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dtdump.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dwmcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxgi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\dxtrans.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\edgehtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EditBufferTestHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\efsext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\efswrt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\EmailApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\enrollmentapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ErrorDetails.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\esentutl.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\evr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\explorer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ExplorerFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ExSMime.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\findnetprinters.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\fontdrvhost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\fontext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\FSClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gameux.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gdi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gdi32full.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GdiPlus.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Geolocation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\GlobCollationHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\gpapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hevcdecoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\hgcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\icm32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieapfltr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iedkcs32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieframe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iepeers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ieproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iertutil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\imapi2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\imapi2fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\indexeddbserver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\inetcpl.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InputLocaleManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InputService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InstallAgent.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\IPHLPAPI.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iprtrmgr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ipsecsnp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ipsmsnap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\iscsiwmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\JpMapControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\jscript9.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\jscript9diag.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LaunchWinApp.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LicenseManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LicenseManagerApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LockAppBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LockAppHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\LogonController.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\main.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapConfiguration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapControlCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapGeocoder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapRouter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MapsBtSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MbaeApiPublic.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mbsmsapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MCCSEngineShared.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MCRecvSrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mdmregistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfaudiocnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfksproxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFMediaEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmjpegdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfnetsrc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfplat.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MFPlay.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfreadwrite.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsensorgroup.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsrcsnk.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mfsvr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\migisol.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MiracastReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mispace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mmc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MMDevAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mos.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MosStorage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprddm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mprdim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MrmCoreR.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSAC3ENC.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mscandui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mscms.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msctfui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcprx.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msdtcuiu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msfeeds.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msftedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mshtml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mshtmled.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msinfo32.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msmpeg2vdec.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mspaint.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSPhotography.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssitlb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssph.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssphtb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssrch.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mssvp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mstsc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mstscax.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msutb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVP9DEC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msvproc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\MSVPXENC.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msxml3.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\msxml6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\mtxclu.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NaturalLanguage6.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netiohlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netiougc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupEngine.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetSetupShim.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\netshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ngccredprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NMAA.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\NPSM.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nshwfp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ntshrui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nvaudcap32v.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\nvStreaming.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\odbcconf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\offreg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ole32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\oleacc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\oleaut32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\olepro32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\OneDriveSetup.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PCPTpm12.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PhotoScreensaver.scr => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Pimstore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToManager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PlayToReceiver.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\policymanager.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\poqexec.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\powercfg.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\PrintDialogs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ProximityCommon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\puiapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\puiobj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\pwrshplugin.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\quartz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RADCUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\rasgcw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ReAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ReAgentc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\regedit.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\resutils.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RTMediaFrame.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\RTWorkQ.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sbe.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\scksp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchFilterHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchFolder.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchIndexer.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SearchProtocolHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sendmail.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SessEnv.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSync.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SettingSyncHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\setupugc.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ShareHost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SHCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\shell32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\smphost.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SndVolSSO.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sppcext.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\stobject.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\storagewmi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\StoreAgent.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\StructuredQuery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\sud.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\SyncSettings.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\systemcpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tapi32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tbauth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tcpipcfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tdh.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TextInputFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\themecpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\thumbcache.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TokenBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TokenBrokerUI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tquery.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\tsmf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\TSWorkspace.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinapi.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinui.appcore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\twinui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAnimation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIAutomationCore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIRibbon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UIRibbonRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\unimdm.tsp => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Unistore.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\updatepolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\uReFS.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\urlmon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\user32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\usercpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDataAccountApis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\UserMgrProxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\usoapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\vaultcli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\vbscript.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\VCardParser.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\vssapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wcnwiz.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WebcamUi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\webcheck.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\webio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\weretw.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wfdprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\win32kfull.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wincorlib.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Energy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Globalization.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Import.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.StateRepository.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\windows.storage.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Search.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Web.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Windows.Web.Http.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WindowsCodecs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winhttp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wininet.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wininetlui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinRtTracing.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\winspool.drv => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wintrust.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WinTypes.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlanapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlancfg.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlanui.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlidcli.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wlidprov.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WMPDMC.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpdxm.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpeffects.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpmde.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wmpshell.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WMVSENCD.DLL => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WordBreakers.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\Wpc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WpcWebFilter.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WPDShServiceObj.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wpnapps.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\ws2_32.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscinterop.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wscui.cpl => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsecedit.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WsmSvc.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WsmWmiPl.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_fs.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_health.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wsp_sr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\wuapi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WwaApi.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WWAHost.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\WWanAPI.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\XInputUap.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xolehlp.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\xpsrchvw.exe => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\SysWOW64\zipfldr.dll => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\afd.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ahcache.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\BasicDisplay.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\BasicRender.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\bowser.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\BthLEEnum.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\bthpan.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\bthport.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\capimg.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\Classpnp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\clfs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\cmimcext.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\cng.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\crashdmp.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dam.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dumpsd.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgkrnl.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgmms1.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\dxgmms2.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fastfat.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\fvevol.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\hidclass.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\http.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\hvsocket.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\iorate.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\IPMIDrv.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\kbdhid.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ks.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\MegaSas2i.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\modem.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\msiscsi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\mskssrv.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ndis.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ntfs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\nvvad64v.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\nwifi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\partmgr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\pdc.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\rdbss.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\sdbus.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\spaceport.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\srv.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\srv2.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ssudbus.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\ssudmdm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\storahci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\stornvme.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\storport.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tcpip.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tcpipreg.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tdx.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\tpm.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\usbscan.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vmbkmcl.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vmbkmclr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\vpci.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\wcifs.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\WdiWiFi.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\winhvr.sys => ":$CmdTcID" ADS could not remove.
C:\WINDOWS\system32\Drivers\xboxgip.sys => ":$CmdTcID" ADS could not remove.
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\Cybex Flat Olympic.JPG => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\funny-pictures-auto-799230.jpeg => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\gordon tartan.gif => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\Gordon_anicent_family_tartan.gif => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\Help! weight chart.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\MyHomeHills.gif => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\Step Reebok_ The Video 1992 - YouTube [360p].webm => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\AllProducts.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\AllProducts.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\AtLongLast-MPB.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Avery-Label-6450(1).avery => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Avery-Label-6450(1).avery => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Avery-Label-6450.avery => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\BagpipePlayer.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\BagpipePlayer.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\BGPlayer(1).exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\BGPlayer(1).exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\BGPlayer.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\BGPlayer.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Bgreader.hlp => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\bluebells.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\bluebells.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\BMW1____.TTF => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\BMW1____.TTF => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\bonnie_dundee.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\bonnie_dundee.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Bonny-Galloway-set.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Bonny-Galloway-set.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Book01 15(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Book01 15(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Book01 15(2).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Book01 15(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Book01 15.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Book01 15.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\BP-setup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\BP-setup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\bruces-address-advanced(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\bruces-address-advanced(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\bruces-address-advanced.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\bruces-address-advanced.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\flashplayer24_jd_install.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\flashplayer24_jd_install.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\GoogleEarthPluginSetup.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\GoogleEarthPluginSetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\gordon pipe.2.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\gordon pipe.2.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\gordon pipe.3.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\gordon pipe.3.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\gordon pipe.4.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\gordon pipe.4.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\gordon pipe.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\gordon pipe.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Im-a-believer.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Im-a-believer.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Jig1(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Jig1(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Jig1.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Jig1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Jig2.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Jig2.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\killiecrankie.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\killiecrankie.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\maris wedding.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\maris wedding.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\MarysMarch(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\MarysMarch(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\MarysMarch.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\MarysMarch.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Ontario Railway Map Collection.kmz => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Ontario Railway Map Collection.kmz => ":$CmdZnID" ADS could not remove.
C:\Users\R\Downloads\PDQB-Exercises(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\PDQB-Exercises(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\PDQB-Exercises(2).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\PDQB-Exercises(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\PDQB-Exercises(3).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\PDQB-Exercises(3).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\PDQB-Exercises.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\PDQB-Exercises.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Reel1.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Reel1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\scotswhahae.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\scotswhahae.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Secondhand-News(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Secondhand-News(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Secondhand-News(2).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Secondhand-News(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Secondhand-News(3).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Secondhand-News(3).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Secondhand-News(4).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Secondhand-News(4).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Secondhand-News.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Secondhand-News.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\sgt_mackenzie(1).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\sgt_mackenzie(1).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\sgt_mackenzie(2).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\sgt_mackenzie(2).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\sgt_mackenzie(3).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\sgt_mackenzie(3).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\sgt_mackenzie(4).pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\sgt_mackenzie(4).pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\sgt_mackenzie.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\sgt_mackenzie.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Silverlight_x64.exe => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Silverlight_x64.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\SpotifySetup.exe => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\springtimebandit_aiid145528.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\springtimebandit_aiid145528.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Tachum1.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Tachum1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Thinking-out-loud.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Thinking-out-loud.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\vol-4-track.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\vol-4-track.pdf => ":$CmdZnID" ADS removed successfully.
C:\Users\R\Downloads\Warmup1.pdf => ":$CmdTcID" ADS could not remove.
C:\Users\R\Downloads\Warmup1.pdf => ":$CmdZnID" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 272936348 B
Java, Flash, Steam htmlcache => 718 B
Windows/system/drivers => 24963667 B
Edge => 121255 B
Chrome => 0 B
Firefox => 379113193 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 22571560 B
NetworkService => 845414 B
R => 1392213114 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:41:10 ====
 
# AdwCleaner v6.045 - Logfile created 22/04/2017 at 15:51:39
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-22.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : -
# Running from : C:\Users\R\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\R\AppData\Local\AdTrustMedia
[-] Folder deleted: C:\Program Files\AdTrustMedia
[-] Folder deleted: C:\ProgramData\AdTrustMedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AdTrustMedia


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] Firefox preferences cleaned:
[-] Firefox preferences cleaned:
[-] Firefox preferences cleaned:
[-] Firefox preferences cleaned: "extensions.trusted-ads.serpInject" - "{"u":{"v":"2.72","d":"061714"},"l":"hxxp://search.adtrustmedia.com/search_safecontent.php","e":[{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/google.js","s":"#tads, #tadsb, #mbEnd","c":2,"i":1000,"p":300,"t":[{"t":"PAGE","v":"hxxp://www.google.com/search"},{"t":"PAGE","v":"hxxp://www.google.com.ua/search"},{"t":"DOMAIN","v":"^(www\\\\.)?google.*"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/bing.js","s":".sb_adsWv2:first-child, .sb_adsWv2.sb_adsW2v2, .sb_adsNv2, #iur","t":[{"t":"PAGE","v":"hxxp://www.bing.com/"},{"t":"DOMAIN","v":"bing\\\\.com"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/ask.js","s":"#spl_img_top.grey_bb, #csaTop iframe, #spl_img_top.grey_bt, #csaBottom iframe, #magic1 iframe, #magic2 iframe","t":[{"t":"PAGE","v":"hxxp://www.ask.com/"},{"t":"DOMAIN","v":"ask\\\\.com"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/about.js","s":".gB, #ad1 iframe, #ad2 iframe","t":[{"t":"PAGE","v":"hxxp://www.about.com/"},{"t":"DOMAIN","v":"about\\\\.com"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/whitepages.js","s":"#serp_bigmap_top iframe, #serp_bigmap_wide iframe","t":[{"t":"PAGE","v":"hxxp://www.whitepages.com/"},{"t":"DOMAIN","v":"whitepages\\\\.com"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/yellowpages.js","s":"#google-adsense-srp-container.google-adsense-top iframe, #google-adsense-srp-container.google-adsense-bottom iframe","t":[{"t":"PAGE","v":"hxxp://www.yellowpages.com/"},{"t":"DOMAIN","v":"yellowpages\\\\.com"}]},{"u":"hxxp://ads.adtrustmedia.com/config/json/serp/engine/mywebsearch.js","s":"#sponsoredTop, #sponsoredBottom","t":[{"t":"PAGE","v":"hxxp://search.mywebsearch.com/"},{"t":"DOMAIN","v":"mywebsearch\\\\.com"}]}],"preloadJs":{},"precompileReg":{}}"
[-] Firefox preferences cleaned:


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3197 Bytes] - [22/04/2017 15:51:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2381 Bytes] - [22/04/2017 15:49:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3343 Bytes] ##########


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/22/17
Scan Time: 4:04 PM
Logfile: malwarebytes sum.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1786
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: momlaptop\Rachel

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384864
Time Elapsed: 2 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/22/17
Scan Time: 4:04 PM
Logfile: malwarebytes sum.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1786
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: momlaptop\Rachel

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384864
Time Elapsed: 2 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
I see your able to post again. which instructions did you apply to gain access?

were you able to run Junkware Removal Tool?

How is your computer now?
 
I followed all your instructions in both posts, however comodo is still refusing to run or be uninstalled.

To reply when I was getting the 504 errors I was responding using my iphone.

I thought I posted the JRT log, but I will include it here just in case. I actually ran it again, but it was the same results the first time.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Rachel (Administrator) on Sun 04/23/2017 at 20:37:25.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/23/2017 at 20:39:26.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
For Comodo (Which seems to be a pain)
restart the computer into Safe Mode with networking. Instructions for how to do that can be found here.
http://www.computerhope.com/issues/chsafe.htm

From there see if you can go to add/remove programs and continue to delete

Those running Windows 8.0, 8.1, or 10 should also download this removal tool.
https://forums.comodo.com/index.php?action=dlattach;topic=58620.0;attach=114365
I tried to get a link for the a removal tool but since I don't have CIS, I can't login

Let me know if any of the above works, we can try to take out what we see using FRST if nothing else works.
 
Ok simply trying to uninstall in safe mode didn't work so I downloaded the fix which didn't work the first time, but said it worked the second time. I did that in safe mode btw.

When I rebooted I got a message from Comoros saying critical system failure. You have to reinstall Comoros internet security premium 10 to fix this error.

Now I cannot connect to the internet, troubleshooting says problem with Ethernet driver, Bluetooth and wifi.
 
rune1990 said:
Ok simply trying to uninstall in safe mode didn't work so I downloaded the fix which didn't work the first time, but said it worked the second time. I did that in safe mode btw.

When I rebooted I got a message from Comoros saying critical system failure. You have to reinstall Comoros internet security premium 10 to fix this error.

Now I cannot connect to the internet, troubleshooting says problem with Ethernet driver, Bluetooth and wifi.
Click to expand...
Searching the internet shows me you are not alone. Most who try to remove Comodo Internet Security end up with broken internet connections.
Seems it's brought on by broken remnants for Comodo Firewall .

Let's try to troubleshoot.

Some have tried a system restore first but some Comodo issues remain. You can attempt this but not sure what results you will end up with.

~~~

If you go in the Device Manager, under Network Adapters, do you see a COMODO device?
If not, go under "View" and check "Show hidden devices" and see if one appears.
highlight and uninstall LAN item related to comodo ? (If found)
~~~~~~
https://www.tenforums.com/tutorials/2938-open-task-manager-windows-10-a.html
Open task manager, click on More details.
Processes Tab look for cmdagent, and if found try to right click on that and end process
Services Tab look for cmdagent, and if found try to right click on that and end process
~~~

https://www.tenforums.com/tutorials/2790-open-elevated-command-prompt-windows-10-a.html
open the command prompt with Admin Rights (Open the Win+X menu, and click/tap on Command Prompt (Admin)
or
1. Open Task Manager with more details.
2. Click/tap on File (menu bar), then press and hold the CTRL key and click/tap on Run new task.
and enter the following command:
netsh winsock reset

NEXT**
Open a command-box (Start, Run, cmd) and type ipconfig /all please note space between g and /
go back to the command-box, now type ipconfig /renew

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After that, restart your computer and see if your connection works.
 
I worked thru everything in ur first reply with no success. It appears Comodo is still on my system as it appears in my programs list. I'm still getting critical failure notice and no internet connection.

I've also gone thru most of microsofts suggestions, but have a feeling that the rest won't help either as comodo is the issue.
 
Ok, getting somewhere now. I had a feeling this issue might be because of the Comodo Secure DNS feature, so managed to change my dns back to automatic instead of comodos dns and and now able to connect on laptop.

I'm still getting the comodo error and I have run the fix again and tried to uninstall, still to no avail

The only thing i've found in task manager, under services is cmdvirth (comodo virtual services manager) its not running but I can't remove it either.
 
Uninstall the Comodo firewall driver from your network adapters properties.?

What I've also been reading is how many have to reinstall, then uninstall. Sounds like a continuation of the nightmare to me.

I'm sure there are many items of CIS still on the machine. We can try to run a new FRST scan and let me see whats left but....I'm unsure if the internet will come back. I suppose in theory it might but then again it might not.


Here is a link to temporarily disable their firewall
https://help.comodo.com/topic-72-1-623-7648-.html

Keep in my that it's possible you might need to register at the Comodo forums for tech help to remove their product.
https://forums.comodo.com/firewall-help-cis-b135.0/
 
rune1990 said:
Ok, getting somewhere now. I had a feeling this issue might be because of the Comodo Secure DNS feature, so managed to change my dns back to automatic instead of comodos dns and and now able to connect on laptop.

I'm still getting the comodo error and I have run the fix again and tried to uninstall, still to no avail

The only thing i've found in task manager, under services is cmdvirth (comodo virtual services manager) its not running but I can't remove it either.
Click to expand...


run a new FRST for me, include the addtions txt too
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Rachel (administrator) on MOMLAPTOP (27-04-2017 12:01:55)
Running from C:\Users\R\Desktop
Loaded Profiles: Rachel (Available Profiles: Rachel)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\desktop\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Malwarebytes) C:\desktop\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\R\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Twitch Interactive, Inc.) C:\Users\R\AppData\Roaming\Curse Client\Bin\Twitch.exe
(Twitch Interactive, Inc.) C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Twitch Interactive, Inc.) C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\TwitchUI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-11-27] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe******************************************************************************************************************************* [40960 2013-03-14] ()
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-31] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\DESKTOP\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2066432 2015-03-29] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-03-29] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-11-27] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-09-03] (Safer-Networking Ltd.)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [Spotify Web Helper] => C:\Users\R\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-16] (Spotify Ltd)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-10-15] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{87542c5a-1377-4d5b-85f5-4ac1216a68ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d705a51f-036f-4846-bdc0-4a0dc9115a8a}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default [2017-04-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pooh0kfu.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\pooh0kfu.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\pooh0kfu.default -> hxxp://www.theloop.ca/
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23]
FF Extension: (NoScript) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-04-22]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\features\{e0535ec3-f466-4a52-a7a0-b75f27473ccb}\disable-cert-transparency@mozilla.org.xpi [2017-04-18]
FF Extension: (Disable Prefetch) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\features\{e0535ec3-f466-4a52-a7a0-b75f27473ccb}\disable-prefetch@mozilla.org.xpi [2017-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-22] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-04-11] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-11-27] (Broadcom Corporation.)
S3 cmdvirth; D:\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-06] (COMODO)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-04-11] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-04-11] (Intel Corporation)
R2 MBAMService; C:\desktop\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-11-27] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-11-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-11-27] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-04-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-04-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)
U5 inspect; C:\Windows\System32\Drivers\inspect.sys [129200 2017-03-30] (COMODO)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-27] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_d4715679184092a8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-31] (NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 12:01 - 2017-04-27 12:02 - 00019056 _____ C:\Users\R\Desktop\FRST.txt
2017-04-27 12:01 - 2017-04-27 12:01 - 00000000 ____D C:\Users\R\Desktop\FRST-OlderVersion
2017-04-25 11:16 - 2017-04-25 11:16 - 00010370 _____ C:\Users\R\Downloads\COMODO Removal Tool 2014 - Mods version.zip
2017-04-24 17:30 - 2017-04-24 17:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-22 16:11 - 2017-04-23 20:39 - 00000556 _____ C:\Users\R\Desktop\JRT.txt
2017-04-22 16:08 - 2017-04-22 16:08 - 00001095 _____ C:\Users\R\Desktop\malwarebytes sum.txt
2017-04-22 16:01 - 2017-04-27 08:51 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-22 16:01 - 2017-04-26 12:47 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-22 16:01 - 2017-04-26 12:47 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-22 16:01 - 2017-04-26 12:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-22 16:01 - 2017-04-26 11:24 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-22 16:01 - 2017-04-22 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-22 16:01 - 2017-04-22 16:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-22 16:01 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-22 15:57 - 2017-04-22 16:08 - 01663672 _____ (Malwarebytes) C:\Users\R\Desktop\JRT.exe
2017-04-22 15:55 - 2017-04-22 16:00 - 60107896 _____ (Malwarebytes ) C:\Users\R\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-22 15:55 - 2017-04-22 15:55 - 00003405 _____ C:\Users\R\Desktop\AdwCleaner[C0].txt
2017-04-22 15:47 - 2017-04-22 15:51 - 00000000 ____D C:\AdwCleaner
2017-04-22 15:46 - 2017-04-22 15:47 - 04089296 _____ C:\Users\R\Desktop\AdwCleaner.exe
2017-04-22 09:38 - 2017-04-22 09:41 - 00244629 _____ C:\Users\R\Desktop\Fixlog.txt
2017-04-21 20:35 - 2017-04-21 20:35 - 00491116 _____ C:\WINDOWS\Minidump\042117-32765-01.dmp
2017-04-21 19:53 - 2017-04-21 20:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-21 19:53 - 2017-04-21 19:54 - 00475836 _____ C:\WINDOWS\Minidump\042117-34921-01.dmp
2017-04-21 19:49 - 2017-04-22 09:03 - 00169817 _____ C:\Users\R\Downloads\Addition.txt
2017-04-21 19:48 - 2017-04-22 09:03 - 00081715 _____ C:\Users\R\Downloads\FRST.txt
2017-04-21 19:47 - 2017-04-27 12:01 - 00000000 ____D C:\FRST
2017-04-21 19:45 - 2017-04-21 19:52 - 05198336 _____ (AVAST Software) C:\Users\R\Downloads\aswMBR.exe
2017-04-21 19:44 - 2017-04-27 12:01 - 02427392 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2017-04-21 19:43 - 2017-04-21 19:44 - 01766912 _____ (Farbar) C:\Users\R\Downloads\FRST.exe
2017-04-21 19:23 - 2017-04-21 19:23 - 00000893 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2017-04-11 15:07 - 2017-04-11 14:52 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 15:07 - 2017-04-11 14:52 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 15:07 - 2017-04-11 14:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 15:07 - 2017-04-11 14:51 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 15:07 - 2017-04-11 14:50 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 15:06 - 2017-04-11 14:52 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 15:06 - 2017-04-11 14:52 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 15:06 - 2017-04-11 14:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 15:06 - 2017-04-11 14:51 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 15:06 - 2017-04-11 14:51 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 15:06 - 2017-04-11 14:51 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 15:06 - 2017-04-11 14:50 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 14:59 - 2017-04-11 14:51 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-11 14:59 - 2017-04-11 14:51 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 14:59 - 2017-04-11 14:51 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 14:59 - 2017-04-11 14:50 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 14:59 - 2017-04-11 14:50 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 14:59 - 2017-04-11 14:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 14:58 - 2017-04-11 14:51 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-11 14:58 - 2017-04-11 14:51 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 14:58 - 2017-04-11 14:51 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 14:58 - 2017-04-11 14:51 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 14:58 - 2017-04-11 14:51 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 14:58 - 2017-04-11 14:51 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 14:58 - 2017-04-11 14:50 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 14:57 - 2017-04-11 14:51 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 14:57 - 2017-04-11 14:51 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-11 14:57 - 2017-04-11 14:51 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 14:57 - 2017-04-11 14:51 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 14:57 - 2017-04-11 14:50 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 14:57 - 2017-04-11 14:50 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 14:56 - 2017-04-11 14:52 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 14:56 - 2017-04-11 14:52 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 14:56 - 2017-04-11 14:51 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-11 14:56 - 2017-04-11 14:51 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 14:56 - 2017-04-11 14:50 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 14:56 - 2017-04-11 14:50 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 14:56 - 2017-04-11 14:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-11 14:56 - 2017-04-11 14:50 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 10:34 - 2017-04-11 10:34 - 00000000 ____D C:\Users\R\AppData\Roaming\Twitch
2017-04-11 10:34 - 2017-04-11 10:34 - 00000000 ____D C:\ProgramData\Twitch
2017-04-11 10:33 - 2017-04-11 10:33 - 00001043 _____ C:\Users\R\Desktop\Twitch.lnk
2017-04-11 10:33 - 2017-04-11 10:33 - 00001029 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-04-06 17:03 - 2017-04-06 17:03 - 00000000 ____D C:\ProgramData\Comodo Downloader
2017-04-06 17:03 - 2017-04-05 01:58 - 00230592 _____ (COMODO) C:\WINDOWS\system32\cmdshim64.dll
2017-04-06 17:03 - 2017-04-05 01:56 - 00194752 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdshim32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 12:00 - 2016-09-25 04:31 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-04-27 12:00 - 2016-09-25 04:31 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-04-27 11:57 - 2016-12-10 20:53 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
2017-04-27 11:56 - 2017-02-12 08:35 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
2017-04-27 11:56 - 2016-09-25 04:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-27 08:57 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-27 08:57 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-26 13:06 - 2016-09-25 04:10 - 00000000 ____D C:\Users\R
2017-04-26 12:55 - 2015-08-27 23:29 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-04-26 12:50 - 2014-08-25 15:12 - 00000000 ____D C:\Users\R\AppData\Local\Battle.net
2017-04-26 12:50 - 2014-08-25 15:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-04-26 12:48 - 2013-08-18 20:39 - 00000074 _____ C:\Users\R\AppData\Roaming\sp_data.sys
2017-04-26 12:47 - 2016-09-25 04:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-26 12:47 - 2016-09-25 04:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-26 12:47 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-26 12:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-26 12:43 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-25 11:44 - 2017-02-18 19:07 - 00000000 ____D C:\Users\R\AppData\Local\ElevatedDiagnostics
2017-04-25 11:37 - 2016-07-16 02:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-04-25 11:28 - 2016-11-18 00:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-25 11:28 - 2013-08-18 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-25 11:17 - 2013-08-19 11:20 - 00000000 ____D C:\ProgramData\Comodo
2017-04-22 15:56 - 2015-11-27 15:12 - 01464722 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-21 20:35 - 2013-10-18 18:22 - 766363643 _____ C:\WINDOWS\MEMORY.DMP
2017-04-21 18:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-21 18:22 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-21 12:12 - 2016-05-06 12:33 - 00001810 _____ C:\Users\R\Desktop\Band Emails.txt
2017-04-21 11:51 - 2016-05-06 12:27 - 00004078 _____ C:\Users\R\Desktop\HotR Invite.txt
2017-04-21 05:39 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-19 17:03 - 2013-08-19 11:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-19 13:45 - 2016-09-25 04:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2017-04-19 13:44 - 2016-09-25 04:02 - 00203184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-19 13:44 - 2015-11-09 11:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-19 13:44 - 2015-11-09 11:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-19 13:41 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-19 13:41 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-16 19:57 - 2016-09-25 04:31 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-16 19:57 - 2016-09-25 04:31 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 17:29 - 2013-08-19 03:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 17:27 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-11 17:27 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 17:27 - 2015-11-09 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-11 17:27 - 2013-08-19 03:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-11 14:52 - 2016-09-25 04:05 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-08 12:52 - 2013-12-16 11:26 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-05 02:01 - 2013-09-24 11:53 - 00732368 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2017-04-05 02:01 - 2013-09-24 11:53 - 00051808 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2017-04-05 01:58 - 2013-09-24 11:53 - 00457408 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2017-04-05 01:56 - 2013-09-24 11:53 - 00363200 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2017-03-30 21:01 - 2015-08-10 09:37 - 00129200 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2017-03-30 21:01 - 2013-09-24 11:54 - 00050808 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2017-03-30 21:01 - 2013-09-24 11:54 - 00040960 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys

==================== Files in the root of some directories =======

2013-08-18 20:39 - 2017-04-26 12:48 - 0000074 _____ () C:\Users\R\AppData\Roaming\sp_data.sys
2014-04-29 10:23 - 2014-04-29 10:23 - 0007605 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2012-11-27 14:26 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-27 14:26 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-27 14:26 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-24 11:22

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Rachel (27-04-2017 12:02:39)
Running from C:\Users\R\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-25 08:35:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4290041746-2185032213-3448383080-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4290041746-2185032213-3448383080-503 - Limited - Disabled)
Guest (S-1-5-21-4290041746-2185032213-3448383080-501 - Limited - Disabled)
Rachel (S-1-5-21-4290041746-2185032213-3448383080-1002 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.020 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.48 - Broadcom Corporation)
COMODO Firewall (HKLM\...\{093F13A3-177C-493E-8958-912A0C690B64}) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ELAN Touchpad 11.5.19.2_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.19.2 - ELAN Microelectronic Corp.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
K-Lite Codec Pack 11.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.5 - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version: - Electronic Arts)
Uninstall Bagpipe Player (HKLM-x32\...\{B5A91531-508A-4B14-B521-3105E19F3605}_is1) (Version: 1.1 - MightyCoder)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6200 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4290041746-2185032213-3448383080-1002_Classes\CLSID\{69785b76-2246-4c03-abaf-d3fae2c5e949}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03393A8D-5665-44C5-8712-36F20C718749} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-11] (Microsoft Corporation)
Task: {093DBCF1-07B9-43B4-ADF9-7108CF5C1C67} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-05-23] (ASUSTeK Computer Inc.)
Task: {0A07F30D-8503-481C-A791-E031D107468F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3ACF1A86-DF74-406B-838E-00B50625B40E} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-05-23] ()
Task: {3BFEEA60-6B74-4E48-BC13-A31EB0D8736C} - System32\Tasks\{AF2C40CE-6D9E-42D4-848E-D9E0F66064A5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1601
Task: {4051401D-F378-4D18-BDF4-3F38358CD55C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4637AAF9-190B-48E2-8132-440521743036} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {55682CEF-4C35-4245-B624-2D3173C749B3} - System32\Tasks\{1FA960EA-3479-414B-B6DE-644960E60917} => pcalua.exe -a "C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\unins000.exe"
Task: {5B7A3092-FF23-4953-A79A-FA4B5B2E1BFE} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {5F22BBAD-8FD8-42FE-AE9A-36AA6766510C} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {612405E3-AC78-4EAE-BC0B-85198BB26E8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-28] (Google Inc.)
Task: {639BEE13-0583-4550-AD68-A5DBA036AF10} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-05-23] (ASUSTeK Computer Inc.)
Task: {69BE304B-5D96-40ED-9455-E048599B0EA8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {79CB47C9-F697-4C92-93B0-7E4D05B2D826} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {90BA0751-0E8B-47AB-8D0C-1382229D6E3A} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {A8A2D02D-661C-4222-9E9B-B42B43AB2D9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {B4897E97-7A18-4F7A-A872-2ABDF4E5F601} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {BD202415-771A-4521-BEBE-F61284CB1212} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-11] (Microsoft Corporation)
Task: {C06A7805-F598-4EB2-9C4F-C81524A9962D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C8C21B76-1D30-45F6-8CBA-E86CDD98C3E6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C8E39017-8B6B-4425-88D4-5A67519882C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-11] (Microsoft Corporation)
Task: {CD5F0113-2871-44D3-A176-52D36E968E44} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {D0E12DC2-0B2A-4BF3-9753-25CEA1633802} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {D19628FD-D4DB-4DE1-A272-61BA17DDD2DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {D4D68587-13B1-499D-BED2-668EBB9821C1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {E125D730-53BE-4787-A39D-5595E22E2AF3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-11-27] (Safer-Networking Ltd.)
Task: {EFDFBAFB-9819-4D51-BA1E-A06E6B00A901} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {FD09657C-A821-4E37-9031-DC7B7B72948F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-04-11] (Microsoft Corporation)
Task: {FF0BD328-D043-417A-B2C1-E7CA96FF5A55} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {FF8054B2-CD14-4C79-B2E1-A3037D1C37E4} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 04:06 - 2016-08-01 08:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-22 16:01 - 2017-03-22 10:24 - 02271520 _____ () C:\DESKTOP\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-22 16:01 - 2017-03-23 19:40 - 02267600 _____ () C:\DESKTOP\ANTI-MALWARE\MwacLib.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-15 17:51 - 2016-10-15 17:51 - 00959168 _____ () C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-08-24 20:26 - 2012-08-24 20:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-09-25 07:57 - 2016-09-25 07:57 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 05:28 - 2017-03-15 05:28 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2013-05-31 10:51 - 2013-03-14 05:46 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-05-31 10:56 - 2011-09-19 13:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2017-04-07 23:14 - 2017-04-07 23:15 - 02151632 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-04-07 23:14 - 2017-04-07 23:15 - 00381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-04-26 12:55 - 2017-04-26 13:00 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 12:55 - 2017-04-26 13:00 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 12:55 - 2017-04-26 13:00 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 12:55 - 2017-04-26 13:00 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 05:29 - 2017-03-15 05:29 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 14:57 - 2017-04-11 14:50 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 14:57 - 2017-04-11 14:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-27 15:35 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-11-27 15:35 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-27 15:35 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-11-27 15:35 - 2015-11-27 15:35 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-30 19:28 - 2015-08-26 20:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-15 17:51 - 2016-10-15 17:51 - 00679624 _____ () C:\Users\R\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-12-11 18:40 - 2014-12-11 18:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-04-05 11:57 - 2016-04-05 11:57 - 00393608 _____ () C:\Users\R\AppData\Roaming\Curse Client\Bin\opus.dll
2017-02-08 21:15 - 2017-04-27 11:50 - 00535872 _____ () C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2017-01-10 18:04 - 2017-04-11 10:30 - 01950528 _____ () C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\ffmpeg.dll
2017-01-10 18:04 - 2017-04-11 10:30 - 02270528 _____ () C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\libglesv2.dll
2017-01-10 18:04 - 2017-04-11 10:30 - 00088384 _____ () C:\Users\R\AppData\Roaming\Curse Client\Bin\Electron\libegl.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNC280C.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280I.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280O.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI10A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL280.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMIUAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280U.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNHMCA.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-04-22 09:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\R\Desktop\world-of-warcraft-pet-battles-chart-small.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4290041746-2185032213-3448383080-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DAF86EEC-DC32-49F1-B72F-0F0B25755178}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{DA00E8C5-7536-4D02-9E53-6CD721A5F079}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{CCE9D1AC-F7D9-4FBD-A114-55A9D3250E1D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{7D3B035E-27DD-44E9-91FD-459FC0504BC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{6A9EF8EB-9BA1-40C1-9948-8493E9FD0B29}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{B25D7AFC-96F7-48E5-B4F4-F9FDF11022D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{738D9911-5EE2-46D3-9021-1F874CE6B405}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{FB10D483-1177-42FC-98D7-BFAE8D992B62}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [UDP Query User{1D640E6C-0E21-4C0A-B5EE-8E2A32330133}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [TCP Query User{EE8598BA-2016-407B-B17A-52B8A882B608}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{1559F9AD-C1AC-4C92-8017-BD6329D44A69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{AFFB6FB7-A491-4EED-BC6C-FED0A4EFC38A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4285BAB9-BAD4-4A66-B9DD-B6187ADA8164}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{B231E169-920E-4FE1-8B93-2F6C5BB5CD86}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
FirewallRules: [{80C21481-21EB-47B3-86F8-1487C3DCBD8F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{51653131-B5C8-46FB-8D54-BA7A63FDD98B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
FirewallRules: [{FCC88CF7-0464-415D-9905-2A43C702C9D5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{2D0F644E-AE94-4860-80DE-4F1D41BEAE68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe
FirewallRules: [{A155F463-1657-49E9-B96C-AFEB5E77037D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F6AC657F-9F7A-4C34-819A-466755D28A9C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E08C254C-AC63-47FB-BE99-315A15C75205}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{1DF313BA-239F-41F3-99FB-AEF2AD9657A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B0FE817E-5D21-45AB-9EFE-07099F38FB67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1E0AC280-01F2-4505-80A4-CFBAC9C5F30B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{ECED5E46-C70C-4DFE-9B80-D8BD8C603C51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{80D5E629-DF16-4AF0-AFFB-EAA2E1459ADC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{49C89FC9-83A7-4474-AABF-368D930D395D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{EBEE128D-9529-40CB-AB0E-C4E0C728915B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{0EC2E3FC-B25F-47A5-9A47-D0D18F8C4F9F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{822BE676-81E2-4927-B3AF-26B15A6A3746}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{1781CA52-A6CE-42EA-9A4F-171A425AF061}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{2398F7C6-4E41-42F5-A6F2-221E6DA01D25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8A52B6E3-55B4-4273-944C-F0CE22407FC5}] => (Allow) LPort=1900
FirewallRules: [{777E581E-C36F-41BE-AAC6-0237D6BE555F}] => (Allow) LPort=2869
FirewallRules: [{A63C26C7-CAE3-475C-A4C1-D8ACDD4B4A09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9D7813C4-3DE0-4D4F-BFA5-385DA133909F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{EF84013E-846E-4897-BA0F-5A182D2924E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{ED0D6975-A6A4-4816-9127-17287808AF06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{5A383381-CF20-4C80-BB6A-C134BC9FA5A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{0BB5CF19-872E-4024-BBA0-531D044BBACE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{6BFC361A-47E7-4363-8DF2-AA2CC1F57852}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{2794A85D-9529-43C5-B026-1E62EA511F6E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{0FC01CFD-BE3E-45C4-81DF-43D959BF9B21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{756BBABF-A918-4D92-B09E-F633030033B8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{02A5521B-BC56-48CD-B302-0471D52AE159}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{53292DC4-83F6-41FE-A3B7-5175D926DFFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F8ADD1F-7717-4EDA-BCF1-00EC5DB49601}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4CAA38EB-9EC0-4CDE-BBD4-C35B295FFE03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{46B3F78E-875B-4BD8-9260-AC8D14BB6914}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B44C9A83-EB3D-4AF5-98B6-A664F7D4FD1C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{362DC7E1-E4FD-4AA7-B325-6F486F771858}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AB3810BF-116F-42B0-BAC5-C8467074A256}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8D19D3CE-A4B6-4C77-8BC6-C9D1169F35AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{020ECBA5-7B60-4B53-B75C-EA0451BC8516}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{B5B287E4-0B76-4F74-B7BB-16AA0DC3D8A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3296E038-53F6-4EA1-B58B-66B5681B9C6C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D6C79FC6-25D8-4478-A545-2AC9A0AE28C9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{924A1E9E-385E-4FBD-AC25-498F195158EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A8A15F83-829C-4CF7-87B8-EF4222B0566C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{477BB437-77C7-47B4-AA9C-AF8EECA226E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6CF30ACB-47C2-4156-AA57-3828A4BD7117}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6A5875F-A233-425C-A2D3-D97F7F9D1D65}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF0FD29A-F6F3-4C24-9A34-7034B54FA360}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{0806B723-2B12-43E7-AF53-DB70465FE09A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{D3FC2E54-E65C-42CC-86A3-0E583C361757}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F6EA66F-D1C2-4B31-83F7-EB48C06864D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{68F93BE6-96D7-4620-A65F-7B8FD6211AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{FD953568-93D8-4E86-95E8-25A83BA7BEC9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{9CB068DF-6356-430B-B9FE-B6F0AFD554F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{C6921B3D-4756-48E4-9609-AA8591ED6F5D}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{FB710C23-1262-4635-98DF-231423C1F0BE}] => (Allow) D:\Ventrilo\Ventrilo.exe
FirewallRules: [{A2921A59-F005-4AD4-BE61-579E068F837E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{7A9D98A9-DC21-4A13-BA9E-E8039403777B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{931165D4-D889-471F-8302-A4ED81A3B719}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{90D26312-1DCC-4BAA-8B8D-FAFFA26956A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{3E76B074-A1FB-4983-A84E-3BAF2FA44C89}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F590A0A2-19D0-46CD-9FA0-48C3CFBEFAD0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{22AFB1A4-46B7-4280-98BC-103B83EB02CD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C55751FB-5505-45E4-B58F-D45F6FEAEC63}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1E2B0167-C004-409D-8E55-72C2409D12B1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{381E8562-61F2-430C-9154-FB9EA4AC6E37}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A139353A-3A2C-4B53-A090-659880DBF722}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{E2AA0C8D-327D-4EB9-BDBF-D03025D25736}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{5029CE16-7CAA-4D89-8289-4DE47EF03947}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7BDCF36A-7615-46FB-800A-DE28C77BF2F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C5C9D50E-68AA-455F-A623-E7FD9A983711}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{26741B71-2FF7-4633-92C1-0A90B6F303E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{315E0B2F-69F5-4C42-8C0E-0C202713CC8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{444903BD-3222-40CF-8048-1402E90756F6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E01E7475-FD71-4AA5-A9B9-2A4AFEDA9344}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{92992282-4FEC-4951-B6E1-281611FDA7AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{8AE3716F-46D9-4811-A03C-C5104808C4C7}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{1FD11C06-B402-4FEA-BEA6-21B2F7F9D17E}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [{3E8D7EFB-7C51-4E69-B014-9A666C99A2F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A9CA762-E078-4027-93BD-74161089E5EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A8F2E17-44D6-47E9-A18C-E604D3E1F1CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{3F64670E-D00D-43E1-80AE-FDE4F7874B0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{5B16814B-1B12-4C4C-B438-226BDAB77DA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{73132F0A-F1DE-4D05-8D35-F5FE6549BE23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{63BEB40F-1FEA-4091-9F9D-40F4668B1F1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E3C3ACF0-9453-4BBF-A90C-546A0A826D1C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{521887E9-0244-4F25-9440-3B8FB673B18A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{15D787F6-729E-4D9F-81E3-23353CB24F42}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{400A4682-EB9D-452E-A550-78AD13EFD1F0}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{03CF497B-EB50-4435-8A6D-EA1E78E6913C}C:\users\r\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4EFA24CE-C7D7-4329-9BC9-6CC86B2D565A}C:\users\r\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\r\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CD3D9AC-9571-4B70-9AA3-CD489581CD9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4EFF67E6-644B-411B-871A-4CB82925F89B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

09-04-2017 07:37:02 Scheduled Checkpoint
18-04-2017 18:03:19 Scheduled Checkpoint
21-04-2017 18:22:31 Windows Update
22-04-2017 16:09:06 JRT Pre-Junkware Removal
23-04-2017 20:37:25 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDScanLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv32.sys" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (04/27/2017 04:23:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (04/26/2017 12:47:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:47:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:47:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:47:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:47:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:46:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:33:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:33:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:33:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/26/2017 12:33:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-04-24 17:25:49.113
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-24 17:14:37.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-24 17:14:37.797
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-24 17:14:37.593
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-24 17:12:29.816
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-23 20:49:57.566
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-23 20:49:57.310
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-22 15:54:09.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-22 15:54:06.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-22 15:53:43.469
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16301.49 MB
Available physical RAM: 12908.98 MB
Total Virtual: 18733.49 MB
Available Virtual: 14852.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:273.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.75 GB) (Free:414.29 GB) NTFS
Drive e: (Data2) (Fixed) (Total:465.76 GB) (Free:464.9 GB) NTFS
Drive f: (DATA) (Fixed) (Total:537.6 GB) (Free:536.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B477960E)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 115DA0F7)

Partition: GPT.

==================== End of Addition.txt ============================
 
It is my intentions to remove everything found related to Comodo,(and my fingers are crossed) if this is not what you want then please do not run this script.
IF, you do, then please ensure afterwards to enable Windows Defender and enable Windows Firewall for protection.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method Press the windows key
Windows_Logo_key.gif
+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

15wKX7o.jpg

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\pooh0kfu.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
Unlock: D:\COMODO\COMODO Internet Security\cmdvirth.exe
S3 cmdvirth; D:\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-06] (COMODO)
Unlock: D:\COMODO\COMODO Internet Security\cmdvirth.exe
D:\COMODO\COMODO Internet Security\cmdvirth.exe
Unlock: D:\COMODO\COMODO Internet Security
D:\COMODO\COMODO Internet Security
C:\Users\R\Downloads\COMODO Removal Tool 2014 - Mods version.zip
C:\Users\Public\Desktop\COMODO Firewall.lnk
Unlock: C:\WINDOWS\system32\cmdshim64.dll
C:\WINDOWS\system32\cmdshim64.dll
Unlock: C:\ProgramData\ComodoC:\WINDOWS\SysWOW64\cmdshim32.dll
C:\ProgramData\ComodoC:\WINDOWS\SysWOW64\cmdshim32.dll
Unlock: C:\WINDOWS\System32\Tasks\COMODO
C:\WINDOWS\System32\Tasks\COMODO
Task: {90BA0751-0E8B-47AB-8D0C-1382229D6E3A} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {A8A2D02D-661C-4222-9E9B-B42B43AB2D9C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {B4897E97-7A18-4F7A-A872-2ABDF4E5F601} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {CD5F0113-2871-44D3-A176-52D36E968E44} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {D4D68587-13B1-499D-BED2-668EBB9821C1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {EFDFBAFB-9819-4D51-BA1E-A06E6B00A901} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNC280C.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280I.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNC280O.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHI10A.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHL280.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCA6.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNHMCAN.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMIUAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMAA.DLL:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvaudcap64v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6431141.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435582.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435598.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nvdispgenco6435850.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AiCM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280L.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNC280U.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNHMCA.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvaudcap32v.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nvStreaming.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvvad64v.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\Public\Desktop\Post Win10 Spybot-install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Andy-Guitar-Beginners-Course-eBook-Feb-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Desktop\Supercharged-Hormone-Diet-Belly-Fat-Plan.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\2014-15 Approved SYC-FINAL.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\22LittleCloudsENGLISH.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\aimer-video-ultimate_setup_full523.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\AllProducts.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\avast_free_antivirus_setup_offline.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Avery-Label-6450(1).avery:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BagpipePlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer(1).exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\BGPlayer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bluebells.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BMW1____.TTF:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\bonnie_dundee.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Bonny-Galloway-set.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Book01 15.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\BP-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\bruces-address-advanced.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Castle Dangerous Set LCPD.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\CoWPaD Castle Dangerous Seconds.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\DarkMarkIllusionScarf.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\FitbitConnect_Win_20150619_2.0.0.6598.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\flashplayer24_jd_install.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\GoogleEarthPluginSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.3.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.4.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\gordon pipe.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\Heroes-of-the-Storm-Setup-enUS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Im-a-believer.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\jfrd_tune_settings_book_05-2015.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Jig2.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\killiecrankie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\laceyarchesinfinityscarf_aiid508740.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Little_Rucksack_Susie_ENG6.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\maris wedding.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\MarysMarch.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Ontario Railway Map Collection.kmz:$CmdZnID [26]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\PDQB-Exercises.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Reel1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\scotswhahae.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Secondhand-News.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\ServiceOntario Providing your Copy of Your Electronic Product.zip:$CmdTcID [130]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(1).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(2).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(3).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie(4).pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\sgt_mackenzie.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Silverlight_x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\springtimebandit_aiid145528.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Tachum1.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Thinking-out-loud.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\vol-4-track.pdf:$CmdTcID [64]
AlternateDataStreams: C:\Users\R\Downloads\Warmup1.pdf:$CmdTcID [64]
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
End
Click to expand...

Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
Status
Not open for further replies.
Back
Top