CloseProcesses: CreateRestorePoint: HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO) C:\Program Files\COMODO HKLM-x32\...\Run: [] => [X] SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_32&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0FzztDzyyEtCyD0B0FtN0D0Tzu0StCtAtCtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0EtAyE0DyB0EyDtGtAtCtBtBtG0CtD0FtAtGtB0CzztAtG0AyEyBzztByBtByEyDzzyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AyCtA0F0C0EzztGzzyE0ByDtGyE0C0EyEtGzyyCyDyCtG0ByDyC0A0D0E0AyBtDtAtCyE2QtN0A0LzutB&cr=677307708&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_32&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0FzztDzyyEtCyD0B0FtN0D0Tzu0StCtAtCtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0EtAyE0DyB0EyDtGtAtCtBtBtG0CtD0FtAtGtB0CzztAtG0AyEyBzztByBtByEyDzzyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AyCtA0F0C0EzztGzzyE0ByDtGyE0C0EyEtGzyyCyDyCtG0ByDyC0A0D0E0AyBtDtAtCyE2QtN0A0LzutB&cr=677307708&ir= SearchScopes: HKLM -> {7AA09867-4E54-4A2D-8945-253DC20DF31F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {7AA09867-4E54-4A2D-8945-253DC20DF31F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3362210265-411881243-2323848730-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_32&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0FzztDzyyEtCyD0B0FtN0D0Tzu0StCtAtCtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0EtAyE0DyB0EyDtGtAtCtBtBtG0CtD0FtAtGtB0CzztAtG0AyEyBzztByBtByEyDzzyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AyCtA0F0C0EzztGzzyE0ByDtGyE0C0EyEtGzyyCyDyCtG0ByDyC0A0D0E0AyBtDtAtCyE2QtN0A0LzutB&cr=677307708&ir= SearchScopes: HKU\S-1-5-21-3362210265-411881243-2323848730-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_bimmed_15_32&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzz0FzztDzyyEtCyD0B0FtN0D0Tzu0StCtAtCtAtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyC0EtAyE0DyB0EyDtGtAtCtBtBtG0CtD0FtAtGtB0CzztAtG0AyEyBzztByBtByEyDzzyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AyCtA0F0C0EzztGzzyE0ByDtGyE0C0EyEtGzyyCyDyCtG0ByDyC0A0D0E0AyBtDtAtCyE2QtN0A0LzutB&cr=677307708&ir= SearchScopes: HKU\S-1-5-21-3362210265-411881243-2323848730-1001 -> {7AA09867-4E54-4A2D-8945-253DC20DF31F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File] R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2062384 2016-02-03] (Comodo) C:\Program Files (x86)\Comodo S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-08-06] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO) S2 postgresql-x64-9.3; "C:\Program Files\PostgreSQL\9.3\bin\pg_ctl.exe" runservice -N "postgresql-x64-9.3" -D "C:/Program Files/PostgreSQL/9.3/data" -w [X] <==== ATTENTION C:\Program Files\PostgreSQL R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [21720 2015-08-04] (COMODO) R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [827632 2015-08-04] (COMODO) R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO) 2017-04-08 17:47 - 2017-04-08 17:47 - 00000099 _____ C:\WINDOWS\Reimage.ini 2017-02-07 22:14 - 2014-05-15 13:56 - 6730304 _____ (Foxit Corporation) C:\Users\justin\AppData\Local\Temp\Foxit PhantomPDF Updater.exe 2017-03-16 20:22 - 2017-03-16 20:23 - 0046080 ____N () C:\Users\justin\AppData\Local\Temp\javasysmo6552880227619821798.dll 2017-02-16 15:23 - 2017-02-16 15:23 - 0046080 ____N () C:\Users\justin\AppData\Local\Temp\javasysmo801082026864872640.dll 2016-08-16 02:48 - 2016-08-16 02:48 - 0488960 _____ () C:\Users\justin\AppData\Local\Temp\sqlite3.exe CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3362210265-411881243-2323848730-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\justin\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File Task: {4B46C689-4602-472F-B602-F2A4FFD92597} - System32\Tasks\COMODO CertSentry Updater => C:\windows\system32\certsentry.exe Task: {4B47CFDF-80E1-4C1F-AB53-E716367DF1C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-03] (Google Inc.) Task: {50019C33-F70C-4BA7-A599-9EA2D6FA537E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3362210265-411881243-2323848730-1001Core => C:\Users\justin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {552146B9-2A4F-4E49-9DE3-BE560E7AFFC1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {6D37677E-2A75-41D5-977A-259FB5244B4E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {7F036925-3020-40AC-BBCF-C248D4B2A9A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {A90D4D30-205B-4397-8169-F12C140BB157} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {CF30D8C6-27A1-49D5-82D1-4AE06237AE5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {D046A2EA-471B-4916-A796-B1BE2981F000} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {D4FA233C-8689-4ACA-A29C-E398E356F834} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {E3573D5F-7E9B-4009-98A9-FD14417CCAFA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {ED164490-0685-4E2F-99BF-601D6E4DF93A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {EE67811D-2484-4C4D-ABE4-DA754A836D32} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {FD484DA3-E71F-4999-8756-8252A813C775} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3362210265-411881243-2323848730-1001Core.job => C:\Users\justin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3362210265-411881243-2323848730-1001UA.job => C:\Users\justin\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActionCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\btwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BtwRSupportService.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Authentication.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiD711.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkinsD711.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hpinkstsD711LM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_EN4520.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HPWia2_EN4520.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\igfxCoIn_v4360.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiMCComp64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\IntelWiDiUMS64.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtNicProp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFComm64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFDAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFHAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFSAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shdocvw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\skci.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActionCenterCPL.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthExt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cngkeyhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovslegacy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d8.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DataExchange.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\DolbyDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dtdump.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\efsext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iscsiwmi.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManagerApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msinfo32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\NPSM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SessEnv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\TSpkg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\weretw.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wininetlui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bcbtums.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthA2DP.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\btwampfl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\iwdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\rt640x64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\serscan.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssudmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\winhvr.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Desktop\Justin Weatherly Professional Reference - Copy.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Desktop\Justin Weatherly Professional Reference - Copy.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Desktop\Justin Weatherly Resume.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Desktop\Justin Weatherly Resume.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160330_211101.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\20160330_211101.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160330_221943.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\20160330_221943.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160330_222036.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\20160330_222036.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160330_222104.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\20160330_222104.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160412_183819 (1).jpg:$CmdTcID [130] AlternateDataStreams: C:\Users\justin\Downloads\20160412_183819 (1).jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\20160412_183819.jpg:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\20160412_183819.jpg:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\adobe_flash_player.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\adobe_flash_player.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\americascardroom_com.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\americascardroom_com.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\BovadaPoker (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\BovadaPoker (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\BovadaPoker (2).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\BovadaPoker (2).exe:$CmdZnID [29] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_052016_8751.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_062016_8751.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_072016_8751.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_082016_8751.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_092016_8751 (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\CapitalOne_Statement_092016_8751.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Documents.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Documents.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EligibilityNotice (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EligibilityNotice.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EN4520_72.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (1) (1).PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (1) (1).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (1).PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (1).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (2).PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (2).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (3).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1) (4).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (1).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (2).PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (2).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (3).PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2 (3).PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2.PDF:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Eric Weatherly Resume 2.PDF:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EricCWeatherlyResume (1).docx:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\EricCWeatherlyResume (1).docx:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EricCWeatherlyResume.docx:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\EricCWeatherlyResume.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\EricWeatherlyResume2.PDF.docx:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\FlashPlayerPro (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\FlashPlayerPro (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\FlashPlayerPro.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\FlashPlayerPro.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\GoogleEarthSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\GoogleEarthSetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\HPEasyStart_4_0_2829_44.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\HPEasyStart_4_0_2829_44.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\IgnitionCasino.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\IgnitionCasino.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\justin\Downloads\IMG_4092.JPG:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\IMG_4092.JPG:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\IMG_4095.JPG:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\IMG_4095.JPG:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\iTunes6464Setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\iTunes6464Setup.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup (1).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup (1).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup (2).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup (2).exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\java_runtime_enviroment_setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Justin Weatherly Letter.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\JUSTIN WEATHERLY NEWEST RESUME1.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Kanye West The Life Of Pablo.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Kanye West The Life Of Pablo.zip:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\mbam-setup-2.1.4.1018.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\justin\Downloads\mbam-setup-2.1.4.1018.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\message.html:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\message.html:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\PastBills.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\paulas choice pdf.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservlet268dbdb8.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservlet268dbdb8.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservletd2ce0ff5.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservletd2ce0ff5.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservleteb831c19.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\printpdfservleteb831c19.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\PT-Install-v4.14.21.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\PT-Install-v4.14.21.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Resume201510291246.pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Resume201510291246.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\Setup.X86.en-US_O365HomePremRetail_8954df68-fa63-4f94-8a28-f189e7cc4a3b_TX_PR_.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\Setup.X86.en-US_O365HomePremRetail_8954df68-fa63-4f94-8a28-f189e7cc4a3b_TX_PR_.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\SkypeSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\SkypeSetup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\torbrowser-install-4.0.5_en-US.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\torbrowser-install-4.0.5_en-US.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\torrentsTime-download (1).exe.cf5jrrx.partial:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\torrentsTime-download (2).exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\torrentsTime-download (2).exe:$CmdZnID [29] AlternateDataStreams: C:\Users\justin\Downloads\torrentsTime-download.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\torrentsTime-download.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\justin\Downloads\transcriptPDF (1).pdf:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\transcriptPDF (1).pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\transcriptPDF.pdf:$CmdZnID [26] AlternateDataStreams: C:\Users\justin\Downloads\win-mg2900-1_1-ucd.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\justin\Downloads\win-mg2900-1_1-ucd.exe:$CmdZnID [26] CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state ON CMD: bitsadmin /reset /allusers CMD: netsh winsock reset catalog CMD: ipconfig /flushdns Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: hosts: Emptytemp: