Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016 Ran by samuel (2016-05-16 14:45:01) Running from C:\Users\samuel\Desktop Windows 10 Home Version 1511 (X64) (2016-05-11 07:11:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3690298984-718693576-1200642337-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3690298984-718693576-1200642337-503 - Limited - Disabled) Guest (S-1-5-21-3690298984-718693576-1200642337-501 - Limited - Disabled) samuel (S-1-5-21-3690298984-718693576-1200642337-1001 - Administrator - Enabled) => C:\Users\samuel ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.) AntiLogger (x32 Version: 1.9.3.602 - Zemana Ltd.) Hidden ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.9 - ASUS) ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.5 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software) Chromodo (HKLM-x32\...\Chromodo) (Version: 48.12.18.254 - Comodo) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation) KeyCrypt SDK version 1.8.1.199 (HKLM-x32\...\{5575EADE-4685-4E15-A9CD-6036BC2A3F75}_is1) (Version: 1.8.1.199 - Zemana Ltd.) Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden Malwarebytes Anti-Malware versión 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 es-MX)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink) Software Intel® PROSet/Wireless (HKLM-x32\...\{cc892976-0919-4ba9-ab52-ae15d2127a12}) (Version: 18.21.0 - Intel Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) WPT Redistributables (x32 Version: 10.1.10586.212 - Microsoft) Hidden WPTx64 (x32 Version: 10.1.10586.212 - Microsoft) Hidden ZTE Controlador USB del teléfono (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B06 - ZTE Corporation) ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3690298984-718693576-1200642337-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0207AAC2-DC94-40E4-BD72-0A726FD57D76} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {28694DF1-C527-4B11-ADD1-7DCFFD22A665} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {54BD775C-351E-45B3-8FA1-EA5BC0739458} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-05-11] (ASUS) Task: {589998D8-925E-41D9-805A-77ACB0F7F0F2} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-05-11] (ASUSTek Computer Inc.) Task: {60EC10DD-00CF-4B1B-860F-66A4D7F19D3F} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {6F411A59-828D-4058-8C47-BD1B553ADCFB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2016-05-11] (ASUSTek Computer Inc.) Task: {90C537F0-8CF5-4631-8DB6-8EE860069561} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-16] (AVAST Software) Task: {AA200DF4-5976-4932-AE04-DD60F1335E74} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {C81BCC37-482B-4C38-B235-B8BFF35377A5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-28] (AsusTek) Task: {D3B4E765-7DF3-416F-B6A8-08E87FC6515D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-16 16:44 - 2016-04-16 16:44 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-16 16:44 - 2016-04-16 16:44 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-11 07:08 - 2016-05-11 07:08 - 00959176 _____ () C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll 2016-05-11 22:01 - 2016-05-11 22:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-07-18 01:35 - 2015-07-29 11:12 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe 2015-12-19 12:24 - 2015-12-19 12:24 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 14:14 - 2016-05-11 14:14 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-11 14:14 - 2016-05-11 14:14 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 14:14 - 2016-05-11 14:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 14:14 - 2016-05-11 14:14 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 14:14 - 2016-05-11 14:14 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-02-25 22:17 - 2016-05-11 15:23 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2016-05-16 14:01 - 2016-05-16 14:01 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-16 14:01 - 2016-05-16 14:01 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-05-16 14:10 - 2016-05-16 14:10 - 02906624 _____ () C:\Program Files\AVAST Software\Avast\defs\16051602\algo.dll 2016-05-16 14:01 - 2016-05-16 14:01 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-16 14:01 - 2016-05-16 14:01 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-05-11 22:01 - 2016-05-11 22:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-05-11 22:01 - 2016-05-11 22:01 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-05-11 07:08 - 2016-05-11 07:08 - 00679624 _____ () C:\Users\samuel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2016-05-16 14:01 - 2016-05-16 14:01 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 14:46 - 2014-04-02 14:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppointmentActivation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ASGCoInstaller_x64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\athwbx.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BackgroundTransferHost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BdeHdCfgLib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ByteCodeGenerator.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CallHistoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\coin95ip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\coin95itp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\configurationclient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DAFWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DDDS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\directmanipulation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmcsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenterprisediagnostics.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfParticipantDisplayService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfParticipantProcessorService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyCriticalService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyLpmService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DPTopologyAppv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwminit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easinvoker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FilterDS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveskybackup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fwbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fwpolicyiomgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GfxUIEx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv2_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Gfxv4_0.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\hmkd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCUIService.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\igfxEM.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxHK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxSDK.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxTray.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ihvrilproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelCpHDCPSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\irmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iuilp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerShellext.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlStringsRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvcProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mapstoasttask.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MBMediaManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDEServer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmmigrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MessagingDataModel2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosResource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSFlacDecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mssign32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MsSpellCheckingFacility.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvcp120.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvcr120.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MTF.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MTFServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nativemap.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncbservice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngckeyenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcpopkeysrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NmaDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationObjFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\omadmapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\omadmclient.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PhoneCallHistoryApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenanceClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\policymanagerprecheck.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provpackageapidll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\QuickActionsDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasauto.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\readingviewresources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\rilproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMSRoamingSecurity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\scapi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsNativeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsNativeApi.V2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsUtilsV2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [32] AlternateDataStreams: C:\WINDOWS\system32\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SimCfg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SMSRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SmsRouterSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sscoreext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\stdcfltnco08.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SubscriptionMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tileobjserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TimeBrokerServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCoreRes.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgrcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vcomp100.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEDataLayerHelpers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEEventDispatcher.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcmcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winhttpcom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininit.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpdbusenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsplib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuautoappupdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Wwanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblGameSave.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ztrace_maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AccountsRt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BingOnlineServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CallHistoryClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CSVer.dll:$CmdZnID [26] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\directmanipulation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DptfInvalidPolicyRemover.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esif_uf.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FirewallAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fontsub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fwbase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\hmkd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iassam.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlStringsRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MessagingDataModel2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosHostClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosResource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSFlacDecoder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mssign32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MTF.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NmaDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NotificationObjFactory.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\POSyncServices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdlg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SimCfg.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\TimeBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\usermgrcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\VEEventDispatcher.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WiFiDisplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttpcom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wkscli.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ztrace_maps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\AiCharger.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\AsHIDSwitch64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\AsusTP.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrSerIf.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BrUsbSer.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\btath_bus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\DptfDevDisplay.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dptf_cpu.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\esif_lf.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\filecrypt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hw_usbdev.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_GPIO.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_I2C.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_SPI.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iaLPSS_UART2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\necbatt.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdstor.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\serial.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\SET88FC.tmp:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudserd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ST_Accel.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\UcmCx.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufx01000.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ufxsynopsys.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\Desktop\avast_premier_antivirus_setup_online.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\Desktop\avast_premier_antivirus_setup_online.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\aswMBR.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\aswMBR.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\avast_premier_antivirus_setup_online.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\avast_premier_antivirus_setup_online.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\esetsmartinstaller_esn.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\esetsmartinstaller_esn.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\firefox.com:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\firefox.com:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\rkill.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\rkill.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Desktop\tdsskiller.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Desktop\tdsskiller.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\ASUS_FlipLock_Win81_64_VER105.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\ASUS_FlipLock_Win81_64_VER105.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034(1).zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034(1).zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100034.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100037.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\ATKPackage_Win81_64_VER100037.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\BackTracker_Win81_64_VER309.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\BackTracker_Win81_64_VER309.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_Intel_Win81_64_VER3113110402.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_Intel_Win81_64_VER3113110402.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_QualcommAtheros_Win81_64_VER801318.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\Bluetooth_QualcommAtheros_Win81_64_VER801318.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Buletooth_Intel_Win81_64_VER17014050464.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\Buletooth_Intel_Win81_64_VER17014050464.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\CardReader_Alcor_Win81_64_VER2041011743857.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\CardReader_Alcor_Win81_64_VER2041011743857.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Chipset_Intel_Win81_64_VER9401027.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\DPTF_Intel_Win81_64_VER7102105.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\DPTF_Intel_Win81_64_VER7102105.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER8490116.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER8490116.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER849014.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\G_Sensor_Invensense_Win81_64_VER849014.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\HDDProtection_Win81_64_VER4070057.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\HDDProtection_Win81_64_VER4070057.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\KBFilter_Win81_64_VER1005.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\KBFilter_Win81_64_VER1005.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\mbam-chameleon-3.1.30.0.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\mbam-chameleon-3.1.30.0.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\sdksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\sdksetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\SerialIO_Intel_Win81_64_VER111650.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\SerialIO_Intel_Win81_64_VER111650.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\SmartGesture_Win81_64_VER2219.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\SmartGesture_Win81_64_VER2219.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Sophos Virus Removal Tool.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\Sophos Virus Removal Tool.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\Splendid_Win81_64_VER3010003.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\Splendid_Win81_64_VER3010003.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\USBChargerPlus_Win81_64_VER319.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\USBChargerPlus_Win81_64_VER319.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_Broadwell_Win81_64_VER1018144112.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_Broadwell_Win81_64_VER1018144112.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_MSHybrid_Win81_64_VER101810349601.zip:$CmdTcID [130] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_Intel_MSHybrid_Win81_64_VER101810349601.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_nVidia_Win81_64_VER918133311.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\VGA_nVidia_Win81_64_VER918133311.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\WiFi_Intel_Win81_64_VER17015.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\WiFi_Intel_Win81_64_VER17015.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\winrar-x64-531es.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\samuel\Downloads\winrar-x64-531es.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_QualcommAtheros_Win81_64_VER1000287.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_QualcommAtheros_Win81_64_VER1000287.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_Ralink_Win81_64_VER50470.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\samuel\Downloads\WLAN_Ralink_Win81_64_VER50470.zip:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84450515.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84450515.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-05-11 02:20 - 2016-05-11 02:16 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3690298984-718693576-1200642337-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{81AD1292-6AED-455E-8A01-BD28CB6ACF7A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{DDF4E3C6-AD72-44EB-9396-220E1985B7E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{44B70912-DCDF-47AD-BFBA-8670DA5E1DAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 11-05-2016 07:10:38 Software Intel® PROSet/Wireless 16-05-2016 13:52:02 Removed COMODO Internet Security Premium ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/16/2016 02:41:55 PM) (Source: DptfEvent) (EventID: 2) (User: ) Description: DptfPolicyLpmServiceHelper WinMain: CreateSharedMemory() failed. Session ID = 1 Error: (05/16/2016 02:41:55 PM) (Source: DptfEvent) (EventID: 3) (User: ) Description: DptfPolicyLpmServiceHelper CreateSharedMemory: WaitForSingleObject() with g_pkeLpmSharedMemoryCreated failed Last error = [0x00000102] Session ID = 1 Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfParticipantDisplayService GetDisplayBrightnessFromPowerSettings: Could not inform driver of current brightness value. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfParticipantDisplayService SetBrightnessSettingInDriver: p_handle is NULL. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfPolicyConfigTDPService ServiceMain: ServiceStart() failed. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfParticipantDisplayService SetDisplayBrightnessViaPowerSettings: Could not obtain brightness value to set from driver. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfPolicyLpmService CreateApplicationList: dptfFrameworkHandle is NULL. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfPolicyCriticalService ServiceMain: ServiceStart() failed. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfPolicyConfigTDPService ServiceStart: ConnectToDptfFrameworkDriver() failed. Error: (05/16/2016 02:34:55 PM) (Source: DptfEvent) (EventID: 1) (User: ) Description: DptfProcessorParticipantService ServiceMain: ServiceStart() failed. System errors: ============= Error: (05/16/2016 02:35:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: El servicio MBAMService no pudo iniciarse debido al siguiente error: %%1053 Error: (05/16/2016 02:35:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio MBAMService. Error: (05/16/2016 02:34:18 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: El cierre anterior del sistema a las 2:06:39 PM del ‎5/‎16/‎2016 resultó inesperado. Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio User Data Access_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service. Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio User Data Storage_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service. Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Contact Data_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service. Error: (05/16/2016 02:05:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: El servicio Sync Host_4319a terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Restart the service. Error: (05/16/2016 02:05:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (05/16/2016 01:55:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Sync Host_57b1f. Error: (05/16/2016 01:55:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio User Data Storage_57b1f. CodeIntegrity: =================================== Date: 2016-05-16 13:55:32.835 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-16 13:51:34.915 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-16 13:35:12.412 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 15:51:19.454 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 15:32:27.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 15:26:52.146 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 15:15:25.331 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-12 00:09:40.711 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-11 22:59:06.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-11 22:47:20.447 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz Percentage of memory in use: 30% Total physical RAM: 5835.43 MB Available physical RAM: 4053.94 MB Total Virtual: 7499.43 MB Available Virtual: 5773.52 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:276.59 GB) (Free:185.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: B4FA98D2) Partition: GPT. ==================== End of Addition.txt ============================