Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Running Very Slow - Files Not Showing Up?


  • This topic is locked This topic is locked
30 replies to this topic

#1 paudusd

paudusd

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 05 July 2017 - 09:28 PM

My computer has been running very slow.  Everything I click on (start bar, icons, etc..) is super slow to respond.  If I open a program (any program) it takes beyond an excessive time to respond and open.  If I open say my computer.. it takes quite a while for the window to show up - but then when it does it still takes awhile for it to load and allow me to click on anything else.

 

Another goofy thing I noticed today while getting ready to post this - for some reason with my windows explorer I can't see the .txt files that I save with notepad.  So the FRST program creates the 2 files..  I save them.  I can click open in notepad and see them in that explorer but if I open my computer and browse to that same file location - it doesn't show up.

 

So when I tried to attach the Addition .txt  file to this forum - it didn't show up.  I made a work around by right clicking and creating a new text document - then copy/pasting the contents of the Addition.txt file to the new .txt document I just created.  When I did that I can see it in my computer and this web forum.  I don't know if that is related at all to the slow issues I've been having or it's just some goofy setting on my computer.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP (05-07-2017 21:03:40)
Running from C:\PC FIX
Loaded Profiles: cpaulson12 (Available Profiles: cpaulson12)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Smilebox, Inc.) C:\Users\cpaulson12\AppData\Roaming\Smilebox\SmileboxTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-19] (Apple Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2016-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1487552 2017-04-22] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-06-30] (COMODO)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-30] (Google)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [SmileboxTray] => C:\Users\cpaulson12\AppData\Roaming\Smilebox\SmileboxTray.exe [350168 2017-03-10] (Smilebox, Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [12382536 2016-08-04] (Plex, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7f7e4ca-068a-4e43-8a44-69a72b3fd351}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b9fcbe7e-5a2d-4970-8c14-59edcbad455b}: [DhcpNameServer] 75.75.76.76 75.75.75.75
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: bmhm66bm.default-1417700445447
FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\bmhm66bm.default-1417700445447 [2016-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-23] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default [2017-07-05]
CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-27]
CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1227264 2017-03-14] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\System32\nsisvc.dll [30720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 VSS; C:\WINDOWS\system32\vssvc.exe [1443328 2017-05-12] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [818176 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [636928 2017-03-14] (Microsoft Corporation) [File not signed]
U3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ALG; C:\WINDOWS\System32\alg.exe [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
U3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [124416 2017-05-12] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [125952 2017-03-14] (Microsoft Corporation) [File not signed]
U2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-05-19] (Apple Inc.)
U3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [560128 2017-05-12] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2278400 2017-04-13] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [337920 2017-05-12] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [942080 2017-05-12] (Microsoft Corporation) [File not signed]
U3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [113664 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [361472 2016-12-06] (Microsoft Corporation) [File not signed]
U2 BFE; C:\WINDOWS\System32\bfe.dll [795648 2016-07-16] (Microsoft Corporation) [File not signed]
U2 BITS; C:\WINDOWS\System32\qmgr.dll [1054208 2016-12-06] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [770560 2017-05-12] (Microsoft Corporation) [File not signed]
U3 Browser; C:\WINDOWS\System32\browser.dll [134656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [321536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\WINDOWS\system32\bthserv.dll [157184 2017-05-12] (Microsoft Corporation) [File not signed]
U2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [411648 2016-12-09] (Microsoft Corporation) [File not signed]
U2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [339456 2016-12-09] (Microsoft Corporation) [File not signed]
U3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-14] (Microsoft Corporation) [File not signed]
U2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [10512032 2017-04-22] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2017-04-22] (COMODO)
U2 CoreMessagingRegistrar; C:\WINDOWS\SysWOW64\coremessaging.dll [483840 2017-05-12] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [81920 2016-07-16] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [890368 2017-05-12] (Microsoft Corporation) [File not signed]
U3 DcpSvc; C:\WINDOWS\system32\dcpsvc.dll [183808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [511488 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [447488 2016-12-06] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [360960 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [292864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [93184 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [1984000 2017-05-12] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [407552 2017-05-12] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [298496 2017-05-12] (Microsoft Corporation) [File not signed]
U3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [57344 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [264704 2017-03-14] (Microsoft Corporation) [File not signed]
U2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1231872 2017-04-13] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [262144 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DPS; C:\WINDOWS\system32\dps.dll [172032 2016-07-16] (Microsoft Corporation) [File not signed]
U2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2295992 2016-03-23] (Comodo)
U3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [197632 2016-07-16] (Microsoft Corporation) [File not signed]
U3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [152576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EapHost; C:\WINDOWS\System32\eapsvc.dll [112128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EFS; C:\WINDOWS\system32\efssvc.dll [55296 2016-07-16] (Microsoft Corporation) [File not signed]
U3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [140800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [285696 2016-12-09] (Microsoft Corporation) [File not signed]
U2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2016-03-11] (ELAN Microelectronics Corp.)
U2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1709056 2016-12-06] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\system32\es.dll [453632 2016-07-16] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [347136 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Fax; C:\WINDOWS\system32\fxssvc.exe [644608 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [122368 2016-07-16] (Microsoft Corporation) [File not signed]
U2 FontCache; C:\WINDOWS\system32\FntCache.dll [1844224 2017-05-12] (Microsoft Corporation) [File not signed]
U3 FrameServer; C:\WINDOWS\system32\FrameServer.dll [805888 2017-03-14] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\WINDOWS\system32\hidserv.dll [36864 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [274432 2016-12-06] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [447488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [385536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HvHost; C:\WINDOWS\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation) [File not signed]
U3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [202240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IKEEXT; C:\WINDOWS\System32\ikeext.dll [932352 2016-07-16] (Microsoft Corporation) [File not signed]
U2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [945664 2017-03-14] (Microsoft Corporation) [File not signed]
U3 irmon; C:\WINDOWS\System32\irmon.dll [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-06-30] (COMODO)
U3 KeyIso; C:\WINDOWS\system32\keyiso.dll [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [376320 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [305152 2016-07-16] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [283648 2016-12-09] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [37376 2016-07-16] (Microsoft Corporation) [File not signed]
U3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26112 2016-12-06] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [27136 2016-07-16] (Microsoft Corporation) [File not signed]
U2 LSM; C:\WINDOWS\System32\lsm.dll [691712 2016-12-09] (Microsoft Corporation) [File not signed]
U2 MapsBroker; C:\WINDOWS\System32\moshost.dll [82944 2017-03-14] (Microsoft Corporation) [File not signed]
U3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [893952 2017-03-14] (Microsoft Corporation) [File not signed]
U3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [151552 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [65024 2016-07-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [58368 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167936 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\WINDOWS\System32\ncbservice.dll [339968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\system32\netlogon.dll [827392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [670720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Netman; C:\WINDOWS\System32\netman.dll [259072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [265728 2016-12-06] (Microsoft Corporation) [File not signed]
U3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [331264 2017-05-12] (Microsoft Corporation) [File not signed]
U3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [983040 2017-05-12] (Microsoft Corporation) [File not signed]
U2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
U2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [368640 2016-12-06] (Microsoft Corporation) [File not signed]
U2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [366592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [425472 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [781824 2016-12-06] (Microsoft Corporation) [File not signed]
U3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [203264 2017-03-14] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\system32\pla.dll [1457152 2016-07-16] (Microsoft Corporation) [File not signed]
U3 pla; C:\WINDOWS\SysWOW64\pla.dll [1536512 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [111104 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [345088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [391168 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Power; C:\WINDOWS\system32\umpo.dll [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3318784 2017-05-12] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [358400 2016-12-06] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\system32\qwave.dll [275456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [105472 2016-07-16] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [657920 2017-05-12] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [496128 2016-12-06] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [431104 2016-12-06] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [155648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [650752 2017-05-12] (Microsoft Corporation) [File not signed]
U2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
U3 RmSvc; C:\WINDOWS\System32\RMapi.dll [140800 2016-12-06] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [79360 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2016-07-16] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [890368 2017-05-12] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250880 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [201728 2017-01-11] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\WINDOWS\system32\schedsvc.dll [948224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [193536 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [147968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2016-07-16] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [70656 2016-12-06] (Microsoft Corporation) [File not signed]
U3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1312768 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SensorService; C:\WINDOWS\system32\SensorService.dll [417792 2016-12-06] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [179200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [387072 2016-12-06] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [331776 2016-12-06] (Microsoft Corporation) [File not signed]
U4 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [541696 2017-03-14] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [617472 2016-07-16] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [566784 2016-07-16] (Microsoft Corporation) [File not signed]
U4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2016-12-06] (Microsoft Corporation) [File not signed]
U3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2016-12-06] (Microsoft Corporation) [File not signed]
U3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [590848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [792576 2017-03-14] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [236544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [209920 2016-07-16] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\system32\windows.staterepository.dll [4136448 2016-12-09] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\WINDOWS\SysWOW64\windows.staterepository.dll [3370496 2016-12-09] (Microsoft Corporation) [File not signed]
U2 stisvc; C:\WINDOWS\System32\wiaservc.dll [646656 2017-05-12] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\WINDOWS\system32\storsvc.dll [396800 2016-12-09] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 swprv; C:\WINDOWS\System32\swprv.dll [467456 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SysMain; C:\WINDOWS\system32\sysmain.dll [944128 2016-07-16] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [387072 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [148992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [309248 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [254976 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TermService; C:\WINDOWS\System32\termsrv.dll [987648 2016-07-16] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [574976 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2016-07-16] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [122880 2016-12-09] (Microsoft Corporation) [File not signed]
U4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95232 2017-03-14] (Microsoft Corporation) [File not signed]
U3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [42496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [273408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1184256 2017-05-12] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [968704 2017-03-14] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\System32\upnphost.dll [440832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [328192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1512448 2017-03-14] (Microsoft Corporation) [File not signed]
U2 UserManager; C:\WINDOWS\System32\usermgr.dll [1021440 2017-05-12] (Microsoft Corporation) [File not signed]
U3 UsoSvc; C:\WINDOWS\system32\usocore.dll [548864 2017-05-12] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [358912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vds; C:\WINDOWS\System32\vds.exe [649216 2017-05-12] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-14] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-12-06] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [349696 2017-03-14] (Microsoft Corporation) [File not signed]
U2 W32Time; C:\WINDOWS\system32\w32time.dll [520192 2016-12-06] (Microsoft Corporation) [File not signed]
U3 WalletService; C:\WINDOWS\system32\WalletService.dll [436224 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\WINDOWS\system32\wbengine.exe [1547264 2017-05-12] (Microsoft Corporation) [File not signed]
U2 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [837632 2017-01-11] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [715776 2017-03-14] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [468992 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-05-12] (Microsoft Corporation)
U3 WebClient; C:\WINDOWS\System32\webclnt.dll [227328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [206848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [94208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [156672 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [82944 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-05-12] (Microsoft Corporation)
U2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [222720 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2716672 2016-12-09] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2333184 2017-05-12] (Microsoft Corporation) [File not signed]
U3 wisvc; C:\WINDOWS\system32\flightsettings.dll [635904 2017-05-12] (Microsoft Corporation) [File not signed]
U2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2370048 2017-03-14] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2104320 2017-05-12] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [203264 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1184256 2016-12-06] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1837056 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [88064 2016-07-16] (Microsoft Corporation) [File not signed]
U2 WpnService; C:\WINDOWS\system32\WpnService.dll [234496 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [184832 2016-12-09] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [903680 2017-03-14] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [773120 2017-03-14] (Microsoft Corporation) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2316288 2017-05-12] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [99840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1282048 2017-03-14] (Microsoft Corporation) [File not signed]
U3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1016320 2017-03-14] (Microsoft Corporation) [File not signed]
U3 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1159680 2016-07-16] (Microsoft Corporation) [File not signed]
U3 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1025536 2017-03-14] (Microsoft Corporation) [File not signed]
U2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [235520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12288 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [227328 2016-12-06] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [123392 2016-07-16] (Microsoft Corporation) [File not signed]
U3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [120832 2016-07-16] (Microsoft Corporation) [File not signed]
U2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation) [File not signed]
U2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
U3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28160 2016-07-16] (Microsoft Corporation) [File not signed]
U3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2016-07-16] (Qualcomm Atheros Communications, Inc.) [File not signed]
U3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices) [File not signed]
U1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [56320 2017-04-13] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [41472 2017-04-13] (Microsoft Corporation) [File not signed]
U3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows ® Win 7 DDK provider) [File not signed]
U3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2016-07-16] (Windows ® Win 7 DDK provider) [File not signed]
U1 Beep; C:\Windows\System32\Drivers\Beep.sys [9728 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2016-12-06] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthEnum; C:\WINDOWS\System32\drivers\BthEnum.sys [114176 2016-12-06] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [65536 2016-07-16] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [31232 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthLEEnum; C:\WINDOWS\System32\drivers\BthLEEnum.sys [249856 2017-05-12] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U3 BthPan; C:\WINDOWS\System32\drivers\bthpan.sys [128512 2016-12-06] (Microsoft Corporation) [File not signed]
U3 BTHPORT; C:\WINDOWS\System32\drivers\BTHport.sys [967680 2017-05-12] (Microsoft Corporation) [File not signed]
U3 BTHUSB; C:\WINDOWS\System32\drivers\BTHUSB.sys [84992 2016-12-06] (Microsoft Corporation) [File not signed]
U3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [38912 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [118272 2016-12-06] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [92160 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [173056 2016-07-16] (Microsoft Corporation) [File not signed]
U3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U2 clreg; C:\WINDOWS\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [29696 2016-07-16] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [40960 2017-03-30] (COMODO)
U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [831504 2017-03-30] (COMODO)
U1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [50808 2017-03-30] (COMODO)
U3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys [39936 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [145408 2017-03-14] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2015-03-27] (Windows ® Win 7 DDK provider)
U3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2015-03-27] (Windows ® Win 7 DDK provider)
U3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [334848 2016-07-16] (Microsoft Corporation) [File not signed]
U3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [88576 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13312 2016-07-16] (Microsoft Corporation) [File not signed]
U3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [83456 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [108032 2016-07-16] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [51200 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2016-07-16] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [38400 2016-12-06] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16384 2016-07-16] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [114176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel® Corporation) [File not signed]
U3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel® Corporation) [File not signed]
U3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation) [File not signed]
U3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2016-07-16] (Intel Corporation) [File not signed]
U3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation) [File not signed]
U1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [129200 2017-03-30] (COMODO)
U3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [134144 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [85504 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [212480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2016-07-16] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19456 2016-07-16] (Microsoft Corporation) [File not signed]
U1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [62208 2017-03-29] (COMODO)
U3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [39424 2016-12-06] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66048 2016-07-16] (Microsoft Corporation) [File not signed]
U2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [125952 2016-07-16] (Microsoft Corporation) [File not signed]
U2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [48128 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2016-12-09] (Microsoft Corporation) [File not signed]
U3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [38400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [75776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [143872 2016-12-06] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [282624 2016-12-09] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115200 2017-05-12] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2016-07-16] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [11776 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [27136 2017-03-14] (Microsoft Corporation) [File not signed]
U2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2016-07-16] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [15872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [535552 2017-03-14] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50176 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [126464 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [63488 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20480 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [189440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [60928 2016-07-16] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [125440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () [File not signed]
U1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [279040 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [68608 2016-07-16] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2016-07-16] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Parport; C:\WINDOWS\System32\drivers\parport.sys [96768 2016-07-16] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [723968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [96256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Processor; C:\WINDOWS\System32\drivers\processr.sys [119808 2016-07-16] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [48640 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [107520 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [104960 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81408 2017-05-12] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [77824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [26112 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [177152 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RFCOMM; C:\WINDOWS\System32\drivers\rfcomm.sys [183808 2016-07-16] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [81408 2016-07-16] (Microsoft Corporation) [File not signed]
U3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2016-12-09] (Realsil Semiconductor Corporation)
U3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
U3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43008 2016-07-16] (Microsoft Corporation) [File not signed]
U3 scmdisk0101; C:\WINDOWS\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Serial; C:\WINDOWS\System32\drivers\serial.sys [83968 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [409600 2017-05-12] (Microsoft Corporation) [File not signed]
U3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [713216 2017-05-12] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [248320 2016-12-06] (Microsoft Corporation) [File not signed]
U2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [78336 2016-07-16] (Microsoft Corporation) [File not signed]
U3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64000 2016-07-16] (Microsoft Corporation) [File not signed]
U2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [52224 2017-03-14] (Microsoft Corporation) [File not signed]
U3 tsusbflt; C:\WINDOWS\System32\drivers\TsUsbFlt.sys [61440 2016-07-16] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [34304 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [95744 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [50688 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation) [File not signed]
U4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [320000 2016-07-16] (Microsoft Corporation) [File not signed]
U3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [56832 2016-07-16] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [13824 2016-07-16] (Microsoft Corporation) [File not signed]
U3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-07-15] (Apple, Inc.) [File not signed]
U3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [102400 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27648 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [46592 2016-12-11] (Microsoft Corporation) [File not signed]
U3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [69120 2016-07-16] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [32256 2016-07-16] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [26624 2016-07-16] (Microsoft Corporation) [File not signed]
U1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [73216 2016-07-16] (Microsoft Corporation) [File not signed]
U3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [40448 2017-05-12] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30208 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [79872 2016-07-16] (Microsoft Corporation) [File not signed]
U2 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
U3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
U3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [719872 2017-03-14] (Microsoft Corporation) [File not signed]
U3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [89088 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2016-07-16] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [22528 2016-07-16] (Microsoft Corporation) [File not signed]
U3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [99328 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [258560 2017-03-14] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [43520 2016-12-06] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-05 20:52 - 2017-07-05 20:52 - 00179440 _____ C:\Users\cpaulson12\Documents\Addition.txt
2017-07-05 20:52 - 2017-07-05 20:52 - 00179440 _____ C:\Addition.txt
2017-07-05 20:29 - 2017-07-05 20:38 - 00179461 _____ C:\Users\cpaulson12\Downloads\Addition.txt
2017-07-05 20:25 - 2017-07-05 20:39 - 00013512 _____ C:\Users\cpaulson12\Downloads\FRST.txt
2017-07-05 20:18 - 2017-07-05 20:19 - 02436608 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64.exe
2017-07-05 20:13 - 2017-07-05 20:40 - 00000000 ____D C:\PC FIX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-05 21:06 - 2014-12-05 11:39 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2017-07-05 21:03 - 2014-12-05 12:03 - 00373868 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-07-05 21:01 - 2016-05-06 17:54 - 00000000 ___RD C:\Users\cpaulson12\iCloudDrive
2017-07-05 21:01 - 2014-12-05 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-07-05 21:01 - 2014-12-05 11:34 - 00000000 ____D C:\ProgramData\Comodo
2017-07-05 21:00 - 2014-07-09 14:59 - 00000000 ___RD C:\Users\cpaulson12\Google Drive
2017-07-05 20:57 - 2016-12-06 06:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-05 20:56 - 2016-04-11 20:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-07-05 20:33 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-05 20:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 19:59 - 2016-12-06 05:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 19:37 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-30 02:11 - 2017-05-19 21:22 - 00257064 _____ (COMODO) C:\WINDOWS\system32\iseguard64.dll
2017-06-30 02:11 - 2017-05-19 21:22 - 00206048 _____ (COMODO) C:\WINDOWS\SysWOW64\iseguard32.dll
2017-06-23 22:36 - 2014-07-09 20:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-23 22:23 - 2014-10-21 21:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-22 16:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-22 16:36 - 2016-12-20 19:15 - 00003298 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 16:36 - 2016-04-11 22:30 - 00002389 _____ C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 16:36 - 2016-04-11 22:30 - 00000000 ___RD C:\Users\cpaulson12\OneDrive
2017-06-22 16:30 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 16:18 - 2014-07-09 19:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 15:17 - 2014-12-05 12:03 - 00000000 ___HD C:\VTRoot
2017-06-18 15:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-09-28 22:45 - 2014-10-21 20:45 - 0000095 _____ () C:\Users\cpaulson12\AppData\Roaming\WB.CFG
2016-03-23 19:35 - 2016-07-31 00:19 - 0014848 _____ () C:\Users\cpaulson12\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-06 05:27 - 2016-12-06 05:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-07-05 21:00 - 2017-07-05 21:00 - 4109176 _____ (COMODO) C:\Users\cpaulson12\AppData\Local\Temp\ise_installer.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe
[2017-05-12 19:30] - [2017-05-12 19:30] - 0673792 _____ (Microsoft Corporation) B2151FE002A8D3F41E2DF935F260E3A8
 
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe
[2016-07-16 06:42] - [2016-07-16 06:42] - 0033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
 
C:\WINDOWS\SysWOW64\userinit.exe
[2016-07-16 06:42] - [2016-07-16 06:42] - 0027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
 
C:\WINDOWS\system32\rpcss.dll
[2017-05-12 19:30] - [2017-05-12 19:30] - 0890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D
 
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-05 19:48
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 09 July 2017 - 08:44 AM

Greetings paudusd and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CMD: type "C:\Addition.txt"
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 09 July 2017 - 08:38 PM

Alright..

 

When I right clicked and ran as administrator - I got a few error messages

 

 

"Warning!

 

Error saving file

C:\FRST\HIVES\DRIVERS

 

Continue with the next file?

 

[RegCreateKeyEx: 5 - Access is denied]

 

I can attach a picture of what the message looked like - if that's helpful.  I got 10 different messages like this just with different file locations.

 

 

Below is my fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by cpaulson12 (09-07-2017 20:24:05) Run:3
Running from C:\PC FIX
Loaded Profiles: cpaulson12 (Available Profiles: cpaulson12)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CMD: type "C:\Addition.txt"
 
*****************
 
 
========= type "C:\Addition.txt" =========
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by cpaulson12 (05-07-2017 20:42:36)
Running from C:\PC FIX
Windows 10 Home Version 1607 (X64) (2016-12-06 11:09:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
COMODO Antivirus (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 10.0.1.6223 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 48.12.18.249 - Comodo)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.413499.43 - Comodo)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
King's Quest (HKLM\...\Steam App 345390) (Version:  - The Odd Gentlemen)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{6C038F54-63AD-45B6-82F0-DB016AACC332}) (Version: 1.0.2461 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{95a48f45-ab01-45f1-877e-2e99428cfe59}) (Version: 1.0.3.2461 - Plex, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Sling (HKLM-x32\...\{33B2A40C-B8BF-4E5A-8213-1EEB309B0DD0}) (Version: 4.8.154 - Echostar)
Smilebox (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Smilebox) (Version: 1.0.0.30225 - Smilebox, Inc.)
Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stopping Plex (HKLM-x32\...\{837B7322-3B78-4F10-9D00-5F15DE968660}) (Version: 1.0.2461 - Plex, Inc.) Hidden
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ContextMenuHandlers01: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-04-22] (COMODO)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-17] (Nitro PDF)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers02: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-04-22] (COMODO)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-08-01] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-04-22] (COMODO)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-08-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05F5C82A-3CC1-434E-A4D7-D5160B276856} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {0BE616DE-FAAB-4880-A2F8-44C18A10B098} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0FCAAF23-12AC-4FEE-ABF9-DE43E085F24D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {2BA60223-33C5-48F2-9771-ACE08F730EDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {31195041-96A7-4850-A831-8ACD63D4FFF0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {409641CD-782D-4245-BE14-C0D8F4F725C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {42CC9D07-B517-4760-9D8D-166C23FF55D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-05-19] (Apple Inc.)
Task: {43EF10F9-4498-4032-ADF9-DA5990C40FA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {475AF506-796E-43FD-867A-E2542F999887} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-23] (Adobe Systems Incorporated)
Task: {53E33EBF-74C2-4070-836B-6B88450AE365} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {550C2EDB-C6F5-45DE-BFA8-9F6A9B6F5FC2} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {57A85140-69BD-46C9-9E9F-371F83ABFAC0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-05-22] (Microsoft Corporation)
Task: {59D744C1-AABD-4BBA-B7FE-5A04325EDC37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6240ED74-41B7-4E58-B048-43A9FA1958E1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {66BFA79F-028F-4721-9FF5-D93EBE4399C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F8CA9AD-3C6F-41FC-B85E-5CFF04EDD9FD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
Task: {90A4BB21-85A3-4C8D-B585-77FACB0C4913} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {9BA8CE80-23A2-42B4-B771-F25E23A2B39C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {9D53FD1F-02EE-47C0-9DB0-4AA2A5F85F5F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-22] (COMODO)
Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {A3309C9D-4F6A-441B-955F-A00FC979FBD0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {AA0DB3F1-F4E2-4035-B81D-BED64B6AAD63} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BB2E0078-51CA-455F-9DC6-40F59DB0F46F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C8CB2942-2B9D-479C-9289-4A8FE2C13807} - \WPD\SqmUpload_S-1-5-21-185766733-1824046107-1153005522-1002 -> No File <==== ATTENTION
Task: {D034C5A0-B00C-4D58-8F15-CFCB3E6B5817} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {E64DEF63-70D5-4E78-9985-42CAB1F4F2C3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-22] (COMODO)
Task: {EFB5DFCD-4E01-4CF7-975F-DE72304321D6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F05D87F6-74E3-411E-947B-D92CB55111AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F5A9DB10-0B43-4424-841C-CEB41B36941C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --prerender=disabled
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --prerender=disabled
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-02-15 22:27 - 2012-04-24 05:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-11-04 17:43 - 2015-11-04 17:43 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-11 07:55 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-04-20 16:48 - 2017-04-22 17:28 - 00156352 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2014-11-13 11:52 - 2017-04-22 17:27 - 00244928 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2014-11-13 11:52 - 2017-04-22 17:27 - 00107200 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2016-07-27 17:43 - 2017-04-18 16:26 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-06 07:11 - 2016-12-06 07:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 20:38 - 2017-03-14 20:38 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 17:43 - 2015-11-04 17:43 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-05-12 16:41 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-12 16:41 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2013-04-15 18:39 - 2016-03-16 05:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00792904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 01759560 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 01989960 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00033608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00091464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 01092424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00123208 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00068424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 00211272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-07-05 19:39 - 2017-07-05 19:39 - 00098816 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32api.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00110080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\pywintypes27.dll
2017-07-05 19:39 - 2017-07-05 19:39 - 00364544 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\pythoncom27.dll
2017-07-05 19:39 - 2017-07-05 19:39 - 00320512 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32com.shell.shell.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00914432 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_hashlib.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 01176576 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._core_.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00806400 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._gdi_.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00816128 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._windows_.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 01067008 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._controls_.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00733184 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._misc_.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00682496 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\pysqlite2._sqlite.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00088064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_ctypes.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00686080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\unicodedata.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00119808 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32file.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00108544 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32security.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00007168 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\hashobjs_ext.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00017920 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\thumbnails_ext.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00088064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\usb_ext.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00012800 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\common.time34.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00018432 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32event.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00167936 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32gui.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00046080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_socket.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 01303552 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_ssl.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00128512 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_elementtree.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00127488 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\pyexpat.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00038912 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32inet.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00036864 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_psutil_windows.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00524248 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\windows._lib_cacheinvalidation.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00011264 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32crypt.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00123392 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._wizard.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00077312 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._html2.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00027648 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_multiprocessing.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00020480 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\_yappi.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00035840 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32process.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00078848 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\wx._animate.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00024064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32pipe.pyd
2017-07-05 19:39 - 2017-07-05 19:39 - 00010240 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\select.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00025600 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32pdh.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00017408 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32profile.pyd
2017-07-05 19:40 - 2017-07-05 19:40 - 00022528 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI36322\win32ts.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00058184 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00040264 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00030024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00049992 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00939336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-07-27 19:25 - 2016-07-27 19:25 - 00082760 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 00198984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00226120 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00026952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00103752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00151880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00702792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_as64.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_ld64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser_broker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMB8.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ConhostV2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CSpkExt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64BP16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CxPageMaster64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicesFlowBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiC311.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\hpinkinsC311.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkstsC311LM.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\hpotscl1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpowiav1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hppldcoi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpzllw71.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortChanger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtCRX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UCI64A96.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UNPUXWorker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.AppDefaults.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BthTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RsCRIcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CHDRT64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4Prt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4usb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nuidfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\raspppoe.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RtsUer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13043286_10208946116631584_1766396592904023859_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13095898_10208986089670885_2734641930239889748_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13221447_10209212359207482_3870046220603663146_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13254910_10209161017763978_5544739157137136835_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\20160504_CarrieAdam_esession_097.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\4.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\5.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\6.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\7.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\Fitness Advantage Enrollment Form Member 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\Will_Ferrell_Elf_402143artw.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\WORK.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\yup.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\117-italobrothers-stamp_on_the_ground-lzy.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\117-italobrothers-stamp_on_the_ground-lzy.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\14316-pour-some-sugar-on-me.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\15278_March_COMB_Specials_US_FINAL_LR_15th.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\15523_March_Extra_Host_Credit_HOST_Specials_US_Final_LR.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20141019_193648.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20141106_164541.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150104_152817.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150118_130938.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150208_220436.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150222_192545.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150222_192604.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150412_223609.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150502_154403.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150502_154918.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2016-11-26_19-00_Christi_Paulson_order_9434793.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_222242.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_222303.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_223723.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_223758.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231035.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231052.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231853 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231915.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_233049.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_233105.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2017 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2017.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\24HourShortStoryContestSpring2 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\24HourShortStoryContestSpring2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\51073-dragula.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\51073-dragula.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ABA Bridal Contract.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\April-Host-Specials-USv3.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\caricature-bride-groom.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Carrie and Adam.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Carrie's Wedding Plans.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ChromeSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ChromeSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\collage-2015-10-31 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\collage-2015-10-31.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\consent_form_20160224.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\dec-customer-specials-us.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\dec-customer-specials-us.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Direct Ops Power Point Template.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Direct Ops Power Point Template_Denise Comments.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Dustin-list-christmas_2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\EminemTillICollapse.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\EminemTillICollapse.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\enviro cloth uses by carynn terrill.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\fargoboy_pablo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Gesaffelstein - Hate or Glory Up for RSlink.pl.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Gesaffelstein - Hate or Glory Up for RSlink.pl.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\i-cant-stop-1.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Imaginary Friend - Love Is Beginning.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0234c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0240c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0249c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0264.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0264GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0274.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0275.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0276.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0278.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0278GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0294.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0294GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0296.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0298.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0307.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0307GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0308.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0308GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0313.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0314.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0316.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0318.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0319.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0319GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0320.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0328.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0372.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0374.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0374GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0381.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0387.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0387e.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392e.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392GSe.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0394.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0394GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0404GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0405.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0430.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0432.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0442.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0457.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0482.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0495.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0495GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0499GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_20140713_113233.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_20140720_212519.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2152.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2153.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2154.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2155.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2156.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2157.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2158.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2159.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2160.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2161.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2162 (1).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2162.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2163.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2164.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2165.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2166.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2177.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2178.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2179.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2180.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2181.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2182.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2183.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2184.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2185.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2190.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2191.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2192.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2193.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2194.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2195.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2196.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2197.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2198.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2199.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2200.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2201.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2208.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2209.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2210.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2211.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2212.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2213.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2214.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2215.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2216.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2217.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2218.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2219.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2220.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4731.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4737.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4745.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4751.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4752.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4758.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4759.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4761.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4762.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4771.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4778.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4779.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\invitation (1).png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\invitation.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-consultant-specials-us-1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-host-specials-us (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-host-specials-us.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Jan2017-Super-Kit-US-Final-LR.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Jess_Glynne_-_Hold_My_Hand_(Vdj.fm).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\List2015.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\lucy_schwartz_when_we_were_young.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Mar17-Customer-Specials-US.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Mar17-Host-Specials-US-shopping-spree.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March-Consultant-Specials-US-with-bracelet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March2017-4Party-US.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March2017-Spring-Back-to-Norwex-US-CDN.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\muse.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\muse.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\My Christmas letter 2015.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Norwex party link to send to hosts.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\November-Customer-Specials-US.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\odBuhte6BIvY.128.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\perrie-edwards-amp-zayn-malik-3[songsx.pk].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Plex-Media-Server-1.0.3.2461-35f0caa-en-US.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Plex-Media-Server-1.0.3.2461-35f0caa-en-US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rammstein - Du Hast [pleer.com].mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rammstein - Du Hast [pleer.com].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob Zombie - Dragula.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob_Zombie-Dragula(mp3.com.ua).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob_Zombie-Dragula(mp3.com.ua).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 076.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 079.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 084.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 087.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 088.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 090.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 092.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 095.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 098.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 100.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 102.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 104.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 106.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 109.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 112.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 113.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 114.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 116.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 118.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 121.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 123.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 129.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 131.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 134.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 136.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 139.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 141.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 145.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 148.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 157.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 159.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 161.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 164.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 166.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 168.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 170.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 173.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 175.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 177.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 179.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 182.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 183.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 185.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 188.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 190.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 192.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 195.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 197.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 202.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 203.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 206.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 210.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 213.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 214.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 216.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 220.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 222.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 225.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 227.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 231.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 236.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 240.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Skrillex-Bangarang_feat_Sirah_Original_Mix(mp3.com.ua).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Skrillex-Bangarang_feat_Sirah_Original_Mix(mp3.com.ua).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\skrillex.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\skrillex.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\slingtv (1).msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\slingtv.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SmileboxInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SmileboxInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SMTK-Bizhub16022412470.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\survival.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\survival.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportOrders3002379.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportPayment3002379 (1).csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportPayment3002379.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up [mp3clan.com].mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up [mp3clan.com].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\the envircloth can do whaaaaaa by rachel tupy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\tim_mcmorris_overwhelmed.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\tumblr_m3lip51Dha1qlimuzo1_r1.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\unspecified:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\uppastnursery.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\USS_-_Yin_Yang.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\USS_-_Yin_Yang.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\weddingchicks-download-1458166221.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\weddingchicks-download-1458166310.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\when_we_were_young_lucy_schwartz_cover.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\wlsetup-web (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\wlsetup-web (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\YOGI - Burial ft. Pusha T.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\YOGI - Burial ft. Pusha T.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\_11647_2015_Product_Catalog_US_Web.pdf:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-12-03 09:48 - 00000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B25A2AA3-CD06-487C-8370-E4E4C6CEA251}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C588E4FE-9081-4F54-B6D7-AA4AF8A2AC75}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{CF5D260A-F6C6-4B4A-A83A-1A8FF0F7D73D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{8F2D38EB-2770-43EB-B826-010EC193195F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E2383E55-D767-4320-AF7E-6F7CA85C91C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{39FA3B38-E5A3-4D5E-B2BD-6C1290DD749B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{EA9ECC27-1B5F-48E7-897F-90836A9A88CC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5A4C7DA5-EAA8-4AD0-8E8F-1C83A962C8D0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{AE3D8491-5855-428B-B128-C675FC77A9BC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{EC76C9EA-925F-4364-A461-1F190935F86F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{738B1033-3D7E-4A5C-A26E-3BA8F267F92F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{893DDDFA-5E04-46B8-9916-39FEE6F31702}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B3D18C0C-33DA-4EF7-8B1D-208592092310}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{97E1BE0E-83B9-4A97-8054-3C1CD7D71792}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AEF87B0B-6E32-4975-B6CA-8B146CC1F4B9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{E1D2DA73-58A2-4725-A288-DFB6549ACA8F}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{25D7A12D-3191-4B72-8FC0-6DC212871460}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{6DE27CC4-C6C4-4A76-8CCA-849AD25A5EDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB759D5E-E0ED-42D8-AF33-E3D94DEB97FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38DDB20F-9C0F-4CD0-9D7F-1F973FD001F3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EFB724D3-3F55-48F2-A75B-B3E15CF34A63}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A8AAB77-CE8A-4007-ACBE-52C262BA5423}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{460962FE-1BAA-4F10-B5C0-A2EEFAD1C0C0}] => (Allow) LPort=2869
FirewallRules: [{58323337-8427-41AD-883B-638855AD574E}] => (Allow) LPort=1900
FirewallRules: [{613F1A7E-74D0-486F-BF40-5F3222CC3538}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C3487AB2-1C90-4420-BEB3-32C9C54EB4B3}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{92502DF1-38BB-43EB-96E8-5FAF0866CB9C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FA25AD8D-4259-433F-8DC7-E6A9DE4F62C6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1F56D78B-994E-408A-A686-C4BC9B69AA14}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{0F5CFE95-352B-4C90-90B2-AE0DAA94C76B}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{49FAB8C8-466E-4D14-A9C0-B7BE99DD1A73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4134B77-7B47-45A7-8DB3-784D80C786EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E81F380-DCDF-433C-969E-380FA15601DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8CD30870-F5B4-427D-8F1C-C90C7DDD7F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2B1DB23-E564-47F4-980F-72B25D107386}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEADE5D0-4B28-4071-8EBB-BF7705728B9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC071B5F-D898-4365-95E0-5A8B55C5241A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{81EFF28D-E575-4CEA-8E7B-C4E761BC6247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F2E7B380-CA54-42CD-921A-0CAAD1068FB3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5A313BE2-EC03-4CB7-B2A8-2749E011C5A1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B35FC85D-1814-4921-86D7-3AD4F50F3EB9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E1E8A7A0-3427-4AE7-9339-24288A441128}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{003D1518-510F-4318-93A4-48A25671D6BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{E2E2CEB1-EF47-4E5B-870A-EC910992DD6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{6D754AFE-CBD6-4F9D-9731-04AB64FD526F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{4D368A30-F1C9-4580-880E-D31011DB2030}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{D45A1891-728C-4342-88D5-12E221A57CFD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BF0D39E3-AFA6-4E8E-B4FF-706B6B803718}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
System error 123 has occurred.
 
The filename, directory name, or volume label syntax is incorrect.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
Percentage of memory in use: 47%
Total physical RAM: 5327.26 MB
Available physical RAM: 2810.97 MB
Total Virtual: 6223.26 MB
Available Virtual: 3391.7 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:658.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
========= End of CMD: =========
 
 

 

==== End of Fixlog 20:24:08 ====


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 10 July 2017 - 09:18 AM

Thank you for the information.

This does not appear to be malware related but we do a few things to try to identify and resolve the system issue. I may end up referring you to the Windows 10 Forum.

Did you install Comodo after the symptoms started?

Boot into Safe Mode and test your computer behavior.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 11 July 2017 - 08:59 AM

I did install Comodo before the symptoms started.  I think I had it installed for quite a while before I started having issues.  Is that something that causes issues like this?  I'm fine switching to another anti-virus and uninstalling it - if that's helpful?

 

I did boot into safe mode and it didn't seem to have too much of a difference.  still seemed pretty sluggish overall.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 11 July 2017 - 03:07 PM

Let's remove the program and see if there is a difference.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click the Revo Uninstaller icon
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Internet Security Essentials 
Comodo Dragon
  • If presented with the program uninstall option click Uninstall
  • If asked to reboot select Reboot later
  • Under Scanning Modes select Advanced then select Scan
  • On the Found leftover Registry items window check the items in bold only then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Next then Yes
  • On the Found leftover files and folders window click on Select all, click Finish, then click Yes
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Revo run properly?
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 11 July 2017 - 11:04 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by cpaulson12 (11-07-2017 15:54:51) Run:3
Running from C:\PC FIX
Loaded Profiles: cpaulson12 (Available Profiles: cpaulson12)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
emptytemp:
 
*****************
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 36799 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 124846634 B
Java, Flash, Steam htmlcache => 78536640 B
Windows/system/drivers => 343208977 B
Edge => 62739 B
Chrome => 1006825986 B
Firefox => 324555574 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 841034 B
NetworkService => 52706 B
cpaulson12 => 981807503 B
 
RecycleBin => 6999294062 B
EmptyTemp: => 9.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:05:23 ====
 
 
 
 
Revo ran properly and seem to operate fine.  
 
I removed both Internet Security Essentials

Comodo Dragon and there was a 3rd one by them that I removed too.  I don't remember the exact name.. but it was something to do with Comodo.

 

It does seem to be running a bit better.  It doesn't seem like nothing is happening now when I use the computer (like it used to), but it is still slugging along.  It still takes quite a while to open my computer or any other programs that I try to open.  so better than it was but still pretty slow.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 12 July 2017 - 09:24 AM

Thanks, please run another FRST scan and copy/paste both reports in your reply.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 12 July 2017 - 04:41 PM

This will be 2 posts. when I try  to copy/paste both.. it gives me an error and says post to long
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by cpaulson12 (administrator) on CHRISTI-LAPTOP (12-07-2017 16:16:59)
Running from C:\PC FIX
Loaded Profiles: cpaulson12 (Available Profiles: cpaulson12)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Smilebox, Inc.) C:\Users\cpaulson12\AppData\Roaming\Smilebox\SmileboxTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.247.777.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Users\cpaulson12\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2016-03-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-02-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-02-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-05-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-05-12] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-07-05] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-07-05] ()
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-30] (Google)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [SmileboxTray] => C:\Users\cpaulson12\AppData\Roaming\Smilebox\SmileboxTray.exe [350168 2017-03-10] (Smilebox, Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-05-19] (Apple Inc.)
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [12382536 2016-08-04] (Plex, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7f7e4ca-068a-4e43-8a44-69a72b3fd351}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b9fcbe7e-5a2d-4970-8c14-59edcbad455b}: [DhcpNameServer] 75.75.76.76 75.75.75.75
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-185766733-1824046107-1153005522-1002 -> {A90A3198-80B1-4AE3-8B57-6F7FA26DB44E} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: bmhm66bm.default-1417700445447
FF ProfilePath: C:\Users\cpaulson12\AppData\Roaming\Mozilla\Firefox\Profiles\bmhm66bm.default-1417700445447 [2017-07-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-185766733-1824046107-1153005522-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (Google Drive) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-27]
CHR Extension: (Gmail) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\cpaulson12\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-11]
CHR HKU\S-1-5-21-185766733-1824046107-1153005522-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-05-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2016-03-11] (ELAN Microelectronics Corp.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-17] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-05-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-05-12] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2015-03-27] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2015-03-27] (Windows ® Win 7 DDK provider)
R1 MpKsl1b6a0ee5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{756387F1-1832-4D51-84E9-D18E06BA4A10}\MpKsl1b6a0ee5.sys [44928 2017-07-11] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2016-12-09] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-11 16:57 - 2017-07-11 16:57 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2017-07-11 16:13 - 2017-07-11 16:13 - 00001090 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-07-11 16:13 - 2017-07-11 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-07-11 16:13 - 2017-07-11 16:13 - 00000000 ____D C:\Program Files\VS Revo Group
2017-07-11 16:11 - 2017-07-11 16:12 - 07178424 _____ (VS Revo Group ) C:\Users\cpaulson12\Downloads\revosetup.exe
2017-07-11 16:11 - 2017-07-11 16:12 - 07178424 _____ (VS Revo Group ) C:\Users\cpaulson12\Downloads\revosetup (1).exe
2017-07-05 20:18 - 2017-07-05 20:19 - 02436608 _____ (Farbar) C:\Users\cpaulson12\Downloads\FRST64.exe
2017-07-05 20:13 - 2017-07-12 16:16 - 00000000 ____D C:\PC FIX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-12 16:18 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 16:16 - 2014-11-27 22:45 - 00000000 ____D C:\FRST
2017-07-12 16:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-11 22:52 - 2016-05-06 17:54 - 00000000 ___RD C:\Users\cpaulson12\iCloudDrive
2017-07-11 22:51 - 2014-07-09 14:59 - 00000000 ___RD C:\Users\cpaulson12\Google Drive
2017-07-11 22:48 - 2016-12-06 06:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-11 22:47 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-07-11 22:47 - 2016-04-11 20:55 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-07-11 18:17 - 2016-12-06 05:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-11 17:18 - 2014-07-09 21:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 17:16 - 2014-07-09 21:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 17:04 - 2014-12-05 11:34 - 00000000 ____D C:\ProgramData\Comodo
2017-07-11 17:01 - 2014-11-13 22:09 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-11 16:27 - 2016-03-23 15:58 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-07-11 16:27 - 2014-12-05 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-07-11 16:00 - 2016-03-16 17:31 - 00000000 ____D C:\Users\cpaulson12\AppData\LocalLow\Temp
2017-07-11 15:51 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-07-11 09:09 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-11 08:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 08:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-11 08:41 - 2016-12-06 05:24 - 00348584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-11 08:39 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-11 08:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-11 08:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-11 08:37 - 2014-07-12 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-11 08:37 - 2014-07-12 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-08 19:15 - 2014-07-12 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-08 17:22 - 2014-07-09 21:10 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-08 17:22 - 2014-07-09 21:10 - 00002313 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-05 21:15 - 2017-05-12 19:37 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-07-05 21:15 - 2017-05-12 19:37 - 00000000 ____D C:\Program Files\UNP
2017-06-23 22:36 - 2014-07-09 20:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-06-23 22:23 - 2014-10-21 21:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-22 16:36 - 2016-12-20 19:15 - 00003298 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 16:36 - 2016-04-11 22:30 - 00002389 _____ C:\Users\cpaulson12\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 16:36 - 2016-04-11 22:30 - 00000000 ___RD C:\Users\cpaulson12\OneDrive
2017-06-18 16:18 - 2014-07-09 19:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-18 15:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-09-28 22:45 - 2014-10-21 20:45 - 0000095 _____ () C:\Users\cpaulson12\AppData\Roaming\WB.CFG
2016-03-23 19:35 - 2016-07-31 00:19 - 0014848 _____ () C:\Users\cpaulson12\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-06 05:27 - 2016-12-06 05:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-08 17:55
 
==================== End of FRST.txt ============================


#10 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 12 July 2017 - 04:48 PM

the addition file is going to be split into 2 posts.  It still said it was too long in just one post.  I hope that work for you.. if not let me know if you want me to do something different

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by cpaulson12 (12-07-2017 16:23:06)
Running from C:\PC FIX
Windows 10 Home Version 1607 (X64) (2016-12-06 11:09:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-185766733-1824046107-1153005522-500 - Administrator - Disabled)
cpaulson12 (S-1-5-21-185766733-1824046107-1153005522-1002 - Administrator - Enabled) => C:\Users\cpaulson12
DefaultAccount (S-1-5-21-185766733-1824046107-1153005522-503 - Limited - Disabled)
Guest (S-1-5-21-185766733-1824046107-1153005522-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{49717648-68B0-3342-F28B-7DF710E1EBF4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
King's Quest (HKLM\...\Steam App 345390) (Version:  - The Odd Gentlemen)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo Solution Center (HKLM\...\{4041B18B-DE30-4D78-9D60-6ADC586C5E00}) (Version: 2.1.003.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4937.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4927.1002 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{6C038F54-63AD-45B6-82F0-DB016AACC332}) (Version: 1.0.2461 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{95a48f45-ab01-45f1-877e-2e99428cfe59}) (Version: 1.0.3.2461 - Plex, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Sling (HKLM-x32\...\{33B2A40C-B8BF-4E5A-8213-1EEB309B0DD0}) (Version: 4.8.154 - Echostar)
Smilebox (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Smilebox) (Version: 1.0.0.30225 - Smilebox, Inc.)
Start Menu (HKU\S-1-5-21-185766733-1824046107-1153005522-1002\...\Pokki_Start_Menu) (Version: 0.269.4.103 - Pokki)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stopping Plex (HKLM-x32\...\{837B7322-3B78-4F10-9D00-5F15DE968660}) (Version: 1.0.2461 - Plex, Inc.) Hidden
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-185766733-1824046107-1153005522-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-04-18] (Microsoft Corporation)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-08-17] (Nitro PDF)
ContextMenuHandlers01: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-05-09] (Apple Inc.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-08-01] (Malwarebytes)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-08-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BE616DE-FAAB-4880-A2F8-44C18A10B098} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0FCAAF23-12AC-4FEE-ABF9-DE43E085F24D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {2209DCE6-3563-48C7-9C36-180BBA71445B} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {2BA60223-33C5-48F2-9771-ACE08F730EDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {31195041-96A7-4850-A831-8ACD63D4FFF0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CE885C6-DED7-4AC4-8126-7FB38E024F73} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-17] (Lenovo)
Task: {409641CD-782D-4245-BE14-C0D8F4F725C2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {42CC9D07-B517-4760-9D8D-166C23FF55D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-05-19] (Apple Inc.)
Task: {43EF10F9-4498-4032-ADF9-DA5990C40FA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {475AF506-796E-43FD-867A-E2542F999887} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4808CEBA-CD6B-4595-A16B-E2504A3EF9A6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {53E33EBF-74C2-4070-836B-6B88450AE365} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {57A85140-69BD-46C9-9E9F-371F83ABFAC0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-07-11] (Microsoft Corporation)
Task: {59D744C1-AABD-4BBA-B7FE-5A04325EDC37} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6240ED74-41B7-4E58-B048-43A9FA1958E1} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {64BBACF2-16DA-447D-A53A-1908D6415EDB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-05-12] (Microsoft Corporation)
Task: {66BFA79F-028F-4721-9FF5-D93EBE4399C4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F8CA9AD-3C6F-41FC-B85E-5CFF04EDD9FD} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {80945599-7047-47F5-901C-57AB1FE54A7D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-05-12] (Microsoft Corporation)
Task: {9BA8CE80-23A2-42B4-B771-F25E23A2B39C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
Task: {9CC9985E-1A1F-4856-9ADA-DABF527D53D3} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {9DB6C33C-90C5-486F-A357-1FCE20B64D2E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {B58C8B65-C648-4EEC-87A0-79DA81781B01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-05-12] (Microsoft Corporation)
Task: {B75A126B-9EDF-4CB7-8F21-D3ABAC67005A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B8271942-FDFA-4DAC-80DD-1AB3A1D03892} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-05-12] (Microsoft Corporation)
Task: {BB2E0078-51CA-455F-9DC6-40F59DB0F46F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C88CEF1D-40E3-4307-AD13-5B50EE12FCFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {C8CB2942-2B9D-479C-9289-4A8FE2C13807} - \WPD\SqmUpload_S-1-5-21-185766733-1824046107-1153005522-1002 -> No File <==== ATTENTION
Task: {D034C5A0-B00C-4D58-8F15-CFCB3E6B5817} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E3B7B63A-DACE-434F-A25F-5F3D56B74610} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {EFB5DFCD-4E01-4CF7-975F-DE72304321D6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F05D87F6-74E3-411E-947B-D92CB55111AF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F5A9DB10-0B43-4424-841C-CEB41B36941C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-03-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --prerender=disabled
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --prerender=disabled
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-11-04 17:43 - 2015-11-04 17:43 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-11 07:55 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-15 22:27 - 2012-04-24 05:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-07-27 17:43 - 2017-04-18 16:26 - 08909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-06 07:11 - 2016-12-06 07:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 20:38 - 2017-03-14 20:38 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 20:39 - 2017-03-14 20:39 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-12 19:31 - 2017-05-12 19:31 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-04 17:43 - 2015-11-04 17:43 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-07-05 20:23 - 2017-07-05 20:23 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-05 20:23 - 2017-07-05 20:23 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-05 20:23 - 2017-07-05 20:23 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-05 20:23 - 2017-07-05 20:23 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-08 17:21 - 2017-06-22 22:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-08 17:21 - 2017-06-22 22:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-04-13 18:37 - 2017-04-13 17:54 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2017-04-13 18:37 - 2017-04-13 17:54 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00792904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 01989960 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 01759560 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00033608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00091464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 01092424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00123208 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00068424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 00211272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-07-11 22:49 - 2017-07-11 22:49 - 00098816 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32api.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00110080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\pywintypes27.dll
2017-07-11 22:49 - 2017-07-11 22:49 - 00364544 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\pythoncom27.dll
2017-07-11 22:49 - 2017-07-11 22:49 - 00320512 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32com.shell.shell.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00914432 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_hashlib.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 01176576 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._core_.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00806400 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._gdi_.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00816128 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._windows_.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 01067008 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._controls_.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00733184 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._misc_.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00682496 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\pysqlite2._sqlite.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00088064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_ctypes.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00686080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\unicodedata.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00119808 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32file.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00108544 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32security.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00007168 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\hashobjs_ext.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00017920 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\thumbnails_ext.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00088064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\usb_ext.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00012800 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\common.time34.pyd
2017-07-11 22:49 - 2017-07-11 22:50 - 00018432 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32event.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00167936 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32gui.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00046080 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_socket.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 01303552 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_ssl.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00128512 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_elementtree.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00127488 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\pyexpat.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00038912 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32inet.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00036864 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_psutil_windows.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00524248 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\windows._lib_cacheinvalidation.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00011264 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32crypt.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00123392 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._wizard.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00077312 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._html2.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00027648 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_multiprocessing.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00020480 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\_yappi.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00035840 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32process.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00078848 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\wx._animate.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00024064 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32pipe.pyd
2017-07-11 22:49 - 2017-07-11 22:49 - 00010240 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\select.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00025600 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32pdh.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00017408 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32profile.pyd
2017-07-11 22:50 - 2017-07-11 22:50 - 00022528 ____R () C:\Users\cpaulson12\AppData\Local\Temp\_MEI56802\win32ts.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00058184 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00040264 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00030024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00049992 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00939336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-07-27 19:25 - 2016-07-27 19:25 - 00082760 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-07-27 19:25 - 2016-07-27 19:25 - 00198984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-07-27 19:26 - 2016-07-27 19:26 - 00226120 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00026952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00103752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00151880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-07-27 19:26 - 2016-07-27 19:26 - 00702792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\HelpPane.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadcloudap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AccountsRt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_as64.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_ld64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browser_broker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bthserv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CellularAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\CloudStorageWizard.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CNMLMB8.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\coin97ip.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompPkgSup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ConhostV2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsentUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CryptoWinRT.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CSpkExt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64BP16.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CxPageMaster64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafBth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DdcWnsListener.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceDirectoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicesFlowBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dfp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DfpCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmcertinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dui70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\enterprisecsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.SyncEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FlightSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\flvprophandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FontProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GEARAspi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkcoiC311.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\hpinkinsC311.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpinkstsC311LM.dll:$CmdTcID [32]
AlternateDataStreams: C:\WINDOWS\system32\hpotscl1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpowiav1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hppldcoi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpzllw71.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IdCtrls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LocationFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LsaIso.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFCaptureEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPSSVC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtctm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mspaint.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\musdialoghandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotificationUx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NaturalLanguage6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netplwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneBackupHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PortChanger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintWSDAHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\psmsrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RADCUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpclip.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RdpRelayTransport.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXTaskFactory.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RecoveryDrive.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtCRX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdengin2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\securekernel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Flights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SharedStartModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smartscreen.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwizeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncCenter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UCI64A96.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatehandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usbaaplrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vss_ps.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werconcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wiaservc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimgapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wimserv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.Desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Printers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Management.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.AppDefaults.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Diagnostics.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSDScDrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aadtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AboveLockAppHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\adsnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]


#11 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 12 July 2017 - 04:50 PM

AlternateDataStreams: C:\WINDOWS\SysWOW64\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\apprepsync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AuthBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bthprops.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BthTelemetry.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cdp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CertEnroll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudStorageWizard.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CompPkgSup.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreMessaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CoreUIComponents.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\crypt32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CryptoWinRT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d11.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceaccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dialclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DisplayManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dlnashext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dmenrollengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\efswrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\enrollmentapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ErrorDetails.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExSMime.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32full.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GEARAspi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Geolocation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\imapi2fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InputService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsecsnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ipsmsnap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LocationApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapGeocoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mbsmsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmjpegdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MiracastReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mmc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MrmCoreR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcprx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mspaint.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxclu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NaturalLanguage6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\odbcconf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleacc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\oleaut32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpcServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RADCUI.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastlsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ReInfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RsCRIcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sbe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SensorsApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ShareHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sspicli.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StructuredQuery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SyncSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TokenBrokerUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIRibbonRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\unimdm.tsp:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Unistore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataAccountApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UserMgrProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usoapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vaultcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\virtdisk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebcamUi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Import.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winhttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinRtTracing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlidprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WpcWebFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpnapps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscui.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_sr.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicDisplay.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BasicRender.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bridge.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BthLEEnum.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\CHDRT64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dc3d.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4Prt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Dot4usb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fsdepends.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nuidfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\raspppoe.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RtsUer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\scmbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbaapl64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbscan.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmclr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [130]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13043286_10208946116631584_1766396592904023859_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13095898_10208986089670885_2734641930239889748_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13221447_10209212359207482_3870046220603663146_n.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\13254910_10209161017763978_5544739157137136835_o.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\2.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\20160504_CarrieAdam_esession_097.jpg:$CmdZnID [32]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\3.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\4.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\5.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\6.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\7.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\Fitness Advantage Enrollment Form Member 2015.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\Will_Ferrell_Elf_402143artw.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\WORK.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Desktop\yup.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\117-italobrothers-stamp_on_the_ground-lzy.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\117-italobrothers-stamp_on_the_ground-lzy.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\14316-pour-some-sugar-on-me.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\15278_March_COMB_Specials_US_FINAL_LR_15th.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\15523_March_Extra_Host_Credit_HOST_Specials_US_Final_LR.PDF:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20141019_193648.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20141106_164541.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150104_152817.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150118_130938.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150208_220436.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150222_192545.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150222_192604.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150412_223609.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150502_154403.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20150502_154918.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2016-11-26_19-00_Christi_Paulson_order_9434793.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_222242.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_222303.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_223723.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_223758.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231035.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231052.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231853 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231853.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_231915.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_233049.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\20160307_233105.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2017 (1).pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\2017.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\24HourShortStoryContestSpring2 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\24HourShortStoryContestSpring2.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\51073-dragula.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\51073-dragula.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ABA Bridal Contract.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire (1).docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Anatoliy D Photo Wedding Questionnaire.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\April-Host-Specials-USv3.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\caricature-bride-groom.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Carrie and Adam.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Carrie's Wedding Plans.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ChromeSetup (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\ChromeSetup (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\collage-2015-10-31 (1).jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\collage-2015-10-31.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\consent_form_20160224.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\dec-customer-specials-us.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\dec-customer-specials-us.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Direct Ops Power Point Template.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Direct Ops Power Point Template_Denise Comments.pptx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Dustin-list-christmas_2015.doc:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\EminemTillICollapse.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\EminemTillICollapse.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\enviro cloth uses by carynn terrill.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\fargoboy_pablo.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Gesaffelstein - Hate or Glory Up for RSlink.pl.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Gesaffelstein - Hate or Glory Up for RSlink.pl.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\i-cant-stop-1.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Imaginary Friend - Love Is Beginning.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0234c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0240c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0249c.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0264.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0264GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0274.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0275.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0276.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0278.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0278GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0294.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0294GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0296.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0298.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0307.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0307GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0308.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0308GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0313.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0314.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0316.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0318.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0319.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0319GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0320.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0328.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0372.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0374.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0374GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0381.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0387.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0387e.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392e.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0392GSe.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0394.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0394GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0404GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0405.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0430.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0432.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0442.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0457.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0482.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0495.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0495GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_0499GS.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_20140713_113233.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_20140720_212519.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2152.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2153.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2154.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2155.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2156.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2157.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2158.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2159.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2160.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2161.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2162 (1).JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2162.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2163.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2164.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2165.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2166.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2177.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2178.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2179.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2180.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2181.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2182.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2183.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2184.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2185.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2190.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2191.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2192.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2193.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2194.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2195.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2196.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2197.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2198.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2199.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2200.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2201.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2208.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2209.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2210.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2211.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2212.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2213.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2214.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2215.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2216.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2217.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2218.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2219.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_2220.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4731.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4737.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4745.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4751.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4752.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4758.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4759.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4761.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4762.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4771.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4778.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\IMG_4779.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\invitation (1).png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\invitation.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-consultant-specials-us-1.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-host-specials-us (1).pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\jan-17-host-specials-us.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Jan2017-Super-Kit-US-Final-LR.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Jess_Glynne_-_Hold_My_Hand_(Vdj.fm).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\List2015.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\lucy_schwartz_when_we_were_young.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Mar17-Customer-Specials-US.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Mar17-Host-Specials-US-shopping-spree.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March-Consultant-Specials-US-with-bracelet.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March2017-4Party-US.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\March2017-Spring-Back-to-Norwex-US-CDN.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\mbam-setup-2.2.0.1024.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\mbam-setup-2.2.0.1024.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\muse.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\muse.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\My Christmas letter 2015.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Norwex party link to send to hosts.docx:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\November-Customer-Specials-US.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\odBuhte6BIvY.128.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\perrie-edwards-amp-zayn-malik-3[songsx.pk].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Plex-Media-Server-1.0.3.2461-35f0caa-en-US.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Plex-Media-Server-1.0.3.2461-35f0caa-en-US.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rammstein - Du Hast [pleer.com].mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rammstein - Du Hast [pleer.com].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob Zombie - Dragula.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob_Zombie-Dragula(mp3.com.ua).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Rob_Zombie-Dragula(mp3.com.ua).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 076.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 079.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 084.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 087.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 088.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 090.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 092.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 095.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 098.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 100.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 102.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 104.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 106.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 109.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 112.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 113.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 114.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 116.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 118.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 121.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 123.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 129.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 131.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 134.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 136.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 139.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 141.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 145.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 148.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 157.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 159.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 161.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 164.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 166.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 168.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 170.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 173.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 175.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 177.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 179.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 182.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 183.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 185.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 188.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 190.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 192.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 195.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 197.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 202.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 203.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 206.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 210.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 213.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 214.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 216.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 220.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 222.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 225.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 227.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 231.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 236.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\shack and ebay 240.JPG:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Skrillex-Bangarang_feat_Sirah_Original_Mix(mp3.com.ua).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\Skrillex-Bangarang_feat_Sirah_Original_Mix(mp3.com.ua).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\skrillex.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\skrillex.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\slingtv (1).msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\slingtv.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SmileboxInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SmileboxInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\SMTK-Bizhub16022412470.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\survival.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\survival.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportOrders3002379.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportPayment3002379 (1).csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\taxExportPayment3002379.csv:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up [mp3clan.com].mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up [mp3clan.com].mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\The Arcade Fire - Wake Up.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\the envircloth can do whaaaaaa by rachel tupy.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\tim_mcmorris_overwhelmed.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\tumblr_m3lip51Dha1qlimuzo1_r1.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\unspecified:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\uppastnursery.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\USS_-_Yin_Yang.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\USS_-_Yin_Yang.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\weddingchicks-download-1458166221.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\weddingchicks-download-1458166310.png:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\when_we_were_young_lucy_schwartz_cover.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\wlsetup-web (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\wlsetup-web (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\YOGI - Burial ft. Pusha T.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\YOGI - Burial ft. Pusha T.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\cpaulson12\Downloads\_11647_2015_Product_Catalog_US_Web.pdf:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-12-03 09:48 - 00000035 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-185766733-1824046107-1153005522-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B25A2AA3-CD06-487C-8370-E4E4C6CEA251}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{C588E4FE-9081-4F54-B6D7-AA4AF8A2AC75}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{CF5D260A-F6C6-4B4A-A83A-1A8FF0F7D73D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{8F2D38EB-2770-43EB-B826-010EC193195F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{E2383E55-D767-4320-AF7E-6F7CA85C91C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{39FA3B38-E5A3-4D5E-B2BD-6C1290DD749B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{EA9ECC27-1B5F-48E7-897F-90836A9A88CC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5A4C7DA5-EAA8-4AD0-8E8F-1C83A962C8D0}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{AE3D8491-5855-428B-B128-C675FC77A9BC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{EC76C9EA-925F-4364-A461-1F190935F86F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{738B1033-3D7E-4A5C-A26E-3BA8F267F92F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{893DDDFA-5E04-46B8-9916-39FEE6F31702}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{B3D18C0C-33DA-4EF7-8B1D-208592092310}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{97E1BE0E-83B9-4A97-8054-3C1CD7D71792}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AEF87B0B-6E32-4975-B6CA-8B146CC1F4B9}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{E1D2DA73-58A2-4725-A288-DFB6549ACA8F}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{25D7A12D-3191-4B72-8FC0-6DC212871460}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{6DE27CC4-C6C4-4A76-8CCA-849AD25A5EDC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB759D5E-E0ED-42D8-AF33-E3D94DEB97FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38DDB20F-9C0F-4CD0-9D7F-1F973FD001F3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EFB724D3-3F55-48F2-A75B-B3E15CF34A63}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A8AAB77-CE8A-4007-ACBE-52C262BA5423}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{460962FE-1BAA-4F10-B5C0-A2EEFAD1C0C0}] => (Allow) LPort=2869
FirewallRules: [{58323337-8427-41AD-883B-638855AD574E}] => (Allow) LPort=1900
FirewallRules: [{613F1A7E-74D0-486F-BF40-5F3222CC3538}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C3487AB2-1C90-4420-BEB3-32C9C54EB4B3}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{92502DF1-38BB-43EB-96E8-5FAF0866CB9C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FA25AD8D-4259-433F-8DC7-E6A9DE4F62C6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1F56D78B-994E-408A-A686-C4BC9B69AA14}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{0F5CFE95-352B-4C90-90B2-AE0DAA94C76B}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{49FAB8C8-466E-4D14-A9C0-B7BE99DD1A73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4134B77-7B47-45A7-8DB3-784D80C786EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8E81F380-DCDF-433C-969E-380FA15601DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8CD30870-F5B4-427D-8F1C-C90C7DDD7F21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B2B1DB23-E564-47F4-980F-72B25D107386}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEADE5D0-4B28-4071-8EBB-BF7705728B9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC071B5F-D898-4365-95E0-5A8B55C5241A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{81EFF28D-E575-4CEA-8E7B-C4E761BC6247}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F2E7B380-CA54-42CD-921A-0CAAD1068FB3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5A313BE2-EC03-4CB7-B2A8-2749E011C5A1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B35FC85D-1814-4921-86D7-3AD4F50F3EB9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E1E8A7A0-3427-4AE7-9339-24288A441128}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{003D1518-510F-4318-93A4-48A25671D6BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{E2E2CEB1-EF47-4E5B-870A-EC910992DD6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{6D754AFE-CBD6-4F9D-9731-04AB64FD526F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{4D368A30-F1C9-4580-880E-D31011DB2030}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King's Quest\Binaries\Win\KingsQuest.exe
FirewallRules: [{BF0D39E3-AFA6-4E8E-B4FF-706B6B803718}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F3D88852-2A44-4904-977C-564CC9D0BE8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
22-05-2017 23:41:22 Windows Update
05-07-2017 21:14:18 Windows Update
09-07-2017 20:17:49 Windows Update
11-07-2017 16:31:56 Removing COMODO Antivirus 10
11-07-2017 16:52:06 Revo Uninstaller's restore point - COMODO Antivirus
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2017 05:27:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Christi-laptop)
Description: Package Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (07/11/2017 05:18:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/11/2017 05:13:25 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/11/2017 04:57:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/11/2017 04:55:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/11/2017 04:52:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/11/2017 04:52:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {caf9f34d-7413-404d-be34-1ba63695e201}
 
Error: (07/11/2017 04:45:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Christi-laptop)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/11/2017 04:45:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Christi-laptop)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/11/2017 04:31:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (07/12/2017 07:39:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 11:04:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 10:51:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (07/11/2017 10:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 10:48:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 10:48:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 10:48:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/11/2017 10:48:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/11/2017 10:46:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/11/2017 06:17:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-11 16:14:46.692
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 16:14:12.763
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 16:14:11.385
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 16:13:08.335
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 09:07:34.422
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 09:07:26.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 09:07:25.984
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 09:06:25.469
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 08:58:44.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-07-11 08:58:28.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5750M APU with Radeon™ HD Graphics 
Percentage of memory in use: 52%
Total physical RAM: 5327.26 MB
Available physical RAM: 2552.27 MB
Total Virtual: 6223.26 MB
Available Virtual: 3243.74 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:893.13 GB) (Free:665.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F91D03FF)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 12 July 2017 - 08:55 PM

Thanks for being flexible.

I want to run another Fixlist but do it a different way. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply or, if too large attach the file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 13 July 2017 - 08:02 AM

Still pretty slow. might be slightly faster? but seems pretty slow overall still.

 

I was having issues copy/pasting it.  So the log is attached.  Thanks  Attached File  Fixlog.txt   277.82KB   2 downloads



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:09 PM

Posted 13 July 2017 - 12:48 PM

Greetings,

Please do this.

===================================================

Windows Repair (All in One) Portable

--------------------
  • From a clean computer download Windows Repair (All in One) Portable onto a USB device
  • Press press Windows Key + E at the same time
  • Navigate to the tweaking.com_windows_repair_aio folder and Unzip the folder onto your USB device
  • Remove the USB device and insert it into the problem computer
  • Boot into Safe Mode with Networking
  • Press press Windows Key + E at the same time
  • Navigate to your USB and double click the Tweaking.com - Windows Repair folders (twice)
  • Double click on Repair_Windows.exe icon
  • Go to Step 3 and click on the Check button:
  • If your see Errors Found On The Drive! Check Disk Is Needed click Do It in the Check Disk (If Needed) box
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore
  • Go to the Repairs tab and click Open Repairs
  • Leave the default check marks and click Start Repairs
  • Your computer will reboot upon completion
  • Double click the Logs folder on your USB device
  • Double click the file folder created on today's date
  • Double click on _Windows_Repair_Log
  • Copy and paste the contents of the report in your reply
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Windows Repair log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 paudusd

paudusd
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 14 July 2017 - 11:32 PM

seems to still be operating about the same (real slow).  Nothing noticeably different.

 

 

Tweaking.com - Windows Repair v3.9.36
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.14393.1198
OS Service Pack: 
Computer Name: CHRISTI-LAPTOP
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\cpaulson12
Current Profile SID: S-1-5-21-185766733-1824046107-1153005522-1002
Current Profile Classes: S-1-5-21-185766733-1824046107-1153005522-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\cpaulson12\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:50:06
 
Process Count: 38
Commit Total: 1.05 GB
Commit Limit: 6.08 GB
Commit Peak: 2.46 GB
Handle Count: 13983
Kernel Total: 474.79 MB
Kernel Paged: 372.55 MB
Kernel Non Paged: 102.24 MB
System Cache: 4.16 GB
Thread Count: 483
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.20 GB
Memory Used: 1.16 GB(22.2775%)
Memory Avail.: 4.04 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 5.20 GB
Memory Used: 899.57 MB(16.8862%)
Memory Avail.: 4.32 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (7/13/2017 8:45:22 PM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 87
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (7/13/2017 8:45:28 PM)
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\hku.7z
Done,  0.5 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\hklm.7z
Done,  10.92 seconds.
 
   Running Repair Under System Account
   Done (7/13/2017 8:46:35 PM)
 
Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (7/13/2017 8:46:35 PM)
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\default.7z
Done,  0.16 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\profile.7z
Done,  0.25 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\program_files.7z
Done,  0.69 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\program_files_x86.7z
Done,  0.16 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\programdata.7z
Done,  0.23 seconds.
 
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\windows.7z
Done,  2.88 seconds.
 
   Running Repair Under System Account
   Running Repair Under System Account
   Done (7/13/2017 10:04:26 PM)
 
04 - Register System Files
   Start (7/13/2017 10:04:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:05:24 PM)
 
05 - Repair WMI
   Start (7/13/2017 10:05:24 PM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (7/13/2017 10:10:30 PM)
 
06 - Repair Windows Firewall
   Start (7/13/2017 10:10:30 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.24 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:11:08 PM)
 
07 - Repair Internet Explorer
   Start (7/13/2017 10:11:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:11:34 PM)
 
08 - Repair MDAC/MS Jet
   Start (7/13/2017 10:11:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:11:44 PM)
 
09 - Repair Hosts File
   Start (7/13/2017 10:11:44 PM)
   Running Repair Under System Account
   Done (7/13/2017 10:11:45 PM)
 
10 - Remove Policies Set By Infections
   Start (7/13/2017 10:11:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:11:49 PM)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (7/13/2017 10:11:49 PM)
   Running Repair Under System Account
   Done (7/13/2017 10:11:50 PM)
 
12 - Repair Icons
   Start (7/13/2017 10:11:50 PM)
   Running Repair Under Current User Account
   Done (7/13/2017 10:12:00 PM)
 
13 - Repair Network
   Start (7/13/2017 10:12:00 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:12:22 PM)
 
14 - Remove Temp Files
   Start (7/13/2017 10:12:22 PM)
   Running Repair Under System Account
   Done (7/13/2017 10:12:24 PM)
 
15 - Repair Proxy Settings
   Start (7/13/2017 10:12:24 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:12:27 PM)
 
17 - Repair Windows Updates
   Start (7/13/2017 10:12:27 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (7/13/2017 10:14:06 PM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (7/13/2017 10:14:06 PM)
   iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (7/13/2017 10:14:06 PM)
 
19 - Repair Volume Shadow Copy Service
   Start (7/13/2017 10:14:06 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.41 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:29 PM)
 
20 - Repair Windows Sidebar/Gadgets
   Start (7/13/2017 10:14:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:31 PM)
 
21 - Repair MSI (Windows Installer)
   Start (7/13/2017 10:14:31 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:44 PM)
 
22 - Repair Windows Snipping Tool
   Start (7/13/2017 10:14:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:46 PM)
 
23.01 - Repair bat Association
   Start (7/13/2017 10:14:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:48 PM)
 
23.02 - Repair cmd Association
   Start (7/13/2017 10:14:48 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:50 PM)
 
23.03 - Repair com Association
   Start (7/13/2017 10:14:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:53 PM)
 
23.04 - Repair Directory Association
   Start (7/13/2017 10:14:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:55 PM)
 
23.05 - Repair Drive Association
   Start (7/13/2017 10:14:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:57 PM)
 
23.06 - Repair exe Association
   Start (7/13/2017 10:14:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:14:59 PM)
 
23.07 - Repair Folder Association
   Start (7/13/2017 10:15:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:02 PM)
 
23.08 - Repair inf Association
   Start (7/13/2017 10:15:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:04 PM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (7/13/2017 10:15:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:06 PM)
 
23.10 - Repair msc Association
   Start (7/13/2017 10:15:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:08 PM)
 
23.11 - Repair reg Association
   Start (7/13/2017 10:15:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:11 PM)
 
23.12 - Repair scr Association
   Start (7/13/2017 10:15:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:13 PM)
 
24 - Repair Windows Safe Mode
   Start (7/13/2017 10:15:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:15 PM)
 
25 - Repair Print Spooler
   Start (7/13/2017 10:15:15 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.23 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:22 PM)
 
26 - Restore Important Windows Services
   Start (7/13/2017 10:15:22 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.2 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:33 PM)
 
27 - Set Windows Services To Default Startup
   Start (7/13/2017 10:15:33 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/13/2017 10:15:41 PM)
 
28.01 - Repair Windows 8/10 App Store
   Start (7/13/2017 10:15:41 PM)
 
Decompressing & Updating Windows Permission File F:\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\10\hku.7z
Done,  0.4 seconds.
 
   Running Repair Under Current User Account





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users