Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2017 01
Ran by Dorkon (23-04-2017 19:42:33)
Running from C:\Users\Dorkon\Desktop
Windows 10 Home Version 1607 (X86) (2016-08-05 21:48:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark06 (HKLM\...\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}) (Version: 1.2.1 - Futuremark Corporation)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6D0F2ABB-E30F-9F89-6022-E3D581CB4155}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Assessments on Client (Version: 10.1.14393.0 - Microsoft) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
AVCHD Video Converter version 6.0.0 (HKLM\...\AVCHD Video Converter_is1) (Version: 6.0.0 - )
Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Camera Support Core Library (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (Version: 5.3.1 - Canon) Hidden
Camera Window DVC (Version: 5.4.4 - Canon) Hidden
Camera Window MC (Version: 5.4.3 - Canon) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera WIA Driver (Version: 5.6 - Canon) Hidden
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}) (Version: 5.4.4 - Canon)
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM\...\InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}) (Version: 5.4.3 - Canon)
Canon EOS Kiss_N REBEL_XT 350D WIA Driver (HKLM\...\InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}) (Version: 5.6 - Canon)
Canon PhotoRecord (HKLM\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.15.0.0 - Canon Inc.)
Canon Utilities EOS Capture 1.5 (HKLM\...\InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}) (Version: 1.5 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.17.0.0 - Canon Inc.)
Canon ZoomBrowser EX (E) (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.05.0000 - Canon)
Capture NX-D (HKLM\...\{FBA8B592-5053-4F25-8333-5F42940E1BC1}) (Version: 1.4.3 - Nikon Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
COMODO Firewall (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 10.0.1.6209 - COMODO Security Solutions Inc.)
EOS Capture 1.5 (Version: 1.5 - Canon) Hidden
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Freemake Video Converter verze 4.1.9 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Futuremark SystemInfo (HKLM\...\{E540B871-3230-4C5B-AAD5-A30F64398275}) (Version: 4.48.599.0 - Futuremark)
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
HWiNFO32 Version 5.34 (HKLM\...\HWiNFO32_is1) (Version: 5.34 - Martin Malík - REALiX)
Imaging And Configuration Designer (Version: 10.1.14393.0 - Microsoft) Hidden
Imaging Designer (Version: 10.1.14393.0 - Microsoft) Hidden
Imaging Tools Support (Version: 10.1.14393.0 - Microsoft) Hidden
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kits Configuration Installer (Version: 10.1.14393.0 - Microsoft) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microcular (HKLM\...\InstallShield_{2CBD0ADE-0EB2-491A-BDF8-17A738CFE264}) (Version: 0.1.3.5.0 - PC Camera)
Microcular (Version: 0.1.3.5.0 - PC Camera) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 cs) (HKLM\...\Mozilla Firefox 53.0 (x86 cs)) (Version: 53.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.3.0 - Nikon Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
OpenOffice 4.1.2 (HKLM\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
OpenOffice 4.1.3 (HKLM\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Oposoft AVCHD Converter v7.7 (HKLM\...\AVCHD Converter_is1) (Version:  - OpoSoft.com Inc)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PhotoStitch (Version: 3.1.16 - Canon) Hidden
Picture Control Utility 2 (HKLM\...\{4946D03F-421F-480D-96C9-D6CF90640D33}) (Version: 2.2.2 - Nikon Corporation)
Pomocník při upgradu na Windows 10 (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17346 - Microsoft Corporation)
RAW Image Task 2.2 (Version: 2.2 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
SafeZone Stable 3.55.2393.561 (Version: 3.55.2393.561 - Avast Software) Hidden
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Toolkit Documentation (Version: 10.1.14393.0 - Microsoft) Hidden
UEV Tools on x86 (Version: 10.1.14393.0 - Microsoft) Hidden
Ulead Photo Explorer 7.0 SE (HKLM\...\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}) (Version:  - Ulead Systems, Inc.)
User State Migration Tool (Version: 10.1.14393.0 - Microsoft) Hidden
ViewNX-i (HKLM\...\{7FB2C831-5BDF-4AD0-9822-F5385DD676DA}) (Version: 1.2.4 - Nikon Corporation)
Vit Registry Fix 9.5.9 (remove only) (HKLM\...\Vit Registry Fix) (Version:  - VITSOFT)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Assessment and Deployment Kit - Windows 10 (HKLM\...\{39ebb79f-797c-418f-b329-97cfdf92b7ab}) (Version: 10.1.14393.0 - Microsoft Corporation)
WPT Redistributables (Version: 10.1.14393.0 - Microsoft) Hidden
WPTx86 (Version: 10.1.14393.0 - Microsoft) Hidden
XMedia Recode verze 3.3.5.7 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.7 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05878230-332A-4F25-8F8C-82AA5E104802} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {15BD23EA-A716-4483-8A1C-EF0F4F53C74D} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {1A8AC79F-0F07-4E41-9328-1C9BDB735F16} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {29AFBF21-CA49-4C2C-9E0A-4A396B6D4B98} - System32\Tasks\SafeZone scheduled Autoupdate 1458689136 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {3221C51F-32E4-4F7F-A347-4F2A2C22E2AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {3C1D3275-B7D4-4CCA-8FEB-07C3A1B07BED} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {64C97988-07CB-4102-A25E-5E52FEDDC72B} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {8CC2B859-944D-4F75-A664-E36CB6F773C8} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-04-06] (COMODO)
Task: {912E4E6B-F643-49CB-89F5-82FFB41C2DE2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2017-04-06] (COMODO)
Task: {9A788CA4-0888-4955-BA71-1A4795688DD3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-16] (Microsoft Corporation)
Task: {A7BA8863-4222-4897-9B65-2C9876BAF742} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-20] (Google Inc.)
Task: {B1A6E830-4A54-40F0-8BF1-707437D8E0FA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-08] (AVAST Software)
Task: {D52903BD-5F9F-4F53-9B4A-D97C63F92D57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {FA70239E-39F1-4AFC-A056-BE1F59D1BCE6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-04-06 23:03 - 2017-04-05 07:56 - 00132288 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdwrhlp.dll
2015-08-05 01:26 - 2017-04-05 07:55 - 00097984 _____ () C:\Program Files\COMODO\COMODO Internet Security\cavwpps.dll
2015-08-05 01:26 - 2017-04-05 07:55 - 00197824 _____ () C:\Program Files\COMODO\COMODO Internet Security\cmdcomps.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-16 20:29 - 2017-03-28 08:15 - 02048496 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-04-16 20:29 - 2017-03-28 08:15 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-16 20:29 - 2017-03-28 08:15 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-06 00:00 - 2016-08-06 00:00 - 00679624 _____ () C:\Users\Dorkon\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-07-16 10:25 - 2016-07-16 10:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 20:21 - 2017-03-16 20:11 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 20:19 - 2017-03-16 20:06 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 20:19 - 2017-03-16 20:06 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 12:18 - 2016-09-14 12:18 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-16 20:29 - 2017-03-28 07:10 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-16 20:29 - 2017-03-28 07:11 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-08 00:18 - 2017-04-08 00:18 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-26 13:21 - 2016-06-26 13:21 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-08 00:18 - 2017-04-08 00:18 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-08 00:17 - 2017-04-08 00:17 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-08 00:18 - 2017-04-08 00:18 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-10 20:48 - 2017-04-10 20:48 - 00067584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 20:48 - 2017-04-10 20:48 - 00161792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 20:48 - 2017-04-10 20:48 - 30612992 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 20:48 - 2017-04-10 20:48 - 01670624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x86__kzf8qxf38zg5c\skypert.dll
2017-04-03 23:31 - 2017-04-03 23:32 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-04-03 23:31 - 2017-04-03 23:32 - 18737664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-04-03 23:31 - 2017-04-03 23:32 - 00348160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-04-03 23:31 - 2017-04-03 23:32 - 04739072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 23:45 - 2016-06-03 23:45 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-04-03 23:31 - 2017-04-03 23:32 - 00279552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-04-03 23:31 - 2017-04-03 23:32 - 00654848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-04 20:44 - 2016-03-04 20:44 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\avastSS.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\regedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\accountaccessor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActionCenterCPL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActivationManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ActiveSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AddressParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTACap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTARen.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppCapture.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppContracts.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ApplicationFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppointmentApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppReadiness.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxPackaging.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSrvPolicyManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\autoplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\azroleui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BackgroundMediaPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basecsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdeunlock.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingMaps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BingOnlineServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\biwinrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BluetoothDesktopHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BootMenuUX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bootux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\browserbroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\BrowserSettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BthRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CameraCaptureUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ccdcmbwu.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpusersvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cemapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certprop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CfgSPCellular.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\chartv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ChatApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cloudAP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmifw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cmintegrator.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comdlg32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConfigureExpandedStorage.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactActivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ContactApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovhost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\credprovslegacy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CspCellularSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX32APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d10warp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d11.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dab.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DafPrintProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataExchange.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DavSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\daxexec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dbgeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DbgModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dcntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddraw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ddrawex.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DeviceEnroller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceFlows.DataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceReactivation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DevicesFlowBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dialserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\discan.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DMRServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDecMFT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\drvstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dsreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsregcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DuCsps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxgi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DXP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EAMProgressHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditBufferTestHook.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EditionUpgradeManagerObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EDPCleanup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\efsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EmailApis.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAPNCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ErrorDetailsUpdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\esentutl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExtrasXmlParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Family.Client.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ffbroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhsettingsprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhtask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\findnetprinters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FMAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fontext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvenotify.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fvewiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gpsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\hal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\halmacpi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hevcdecoder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HttpsDataSource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icfupgd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\icsvcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\imapi2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ImplatSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\INETWH32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\input.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InputLocaleManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\internetmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ipnathlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iprtrmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iscsiwmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\JpMapControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jsproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LaunchWinApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppBroker.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LogonController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lpremove.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\main.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\manage-bde.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapConfiguration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapControlStringsRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapGeocoder.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MapRouter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsBtSvcProxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MapsStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mapstoasttask.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mapsupdatetask.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO50.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO60.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO70.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCCSEngineShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MDMAppInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mdmregistration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfaudiocnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmkvsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFPlay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfreadwrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft-windows-system-events.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\migisol.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MMDevAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\modernexecserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosHostClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\moshostcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosResource.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MosStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprddm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mprdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MrmCoreR.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\MSAC3ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscandui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mscms.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctfui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdtcuiu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msinfo32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSPhotography.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssitlb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msutb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVP9DEC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSVPXENC.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxclu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MultiDigiMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nativemap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiohlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupShim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetSetupSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nettrace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkDesktopSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkUXBroker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NfcRadioMedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngccredprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrGidsHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NgcCtnrSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ngcsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nltest.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NMAA.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NmaDirect.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nmwcdcocls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\NotificationController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NPSM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offreg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PCPTpm12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\phoneactivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneProviders.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneServiceRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Phoneutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhoneutilRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PimIndexMaintenance.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Pimstore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PlayToReceiver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pnidui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\policymanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\POSyncServices.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\powercfg.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintDialogs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PrintRenderAPIHost.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvSysprep.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProximityCommon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsmServiceExtHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pwrshplugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEA32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EED32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEG32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEL32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEP32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rascustom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasgcw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rasmans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpencom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RDXService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReAgentc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RelPost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\remoteaudioendpoint.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemoteNaturalLanguage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ReportingCSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\resutils.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RjvMDMConfig.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RMapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEED32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEG32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEL32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEP32A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkApoApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoInstII.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkPgExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTMediaFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTSndMgr.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTWorkQ.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ScDeviceEnum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\scksp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEAPO32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchFolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SecConfig.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SECOMN32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDRA32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sendmail.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Sens.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorDataService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SensorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SessEnv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\setupugc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFNHK.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sharemediacpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\sl3apo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcnt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slprp32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sltech32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SndVolSSO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpaceControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spaceman.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SpeechPal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppnp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppwinob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRHInproc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSHP360.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSHD.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSXT.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sud.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Tabbtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tabcal.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TabletPC.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskbarcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tbauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TepeqAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TextInputFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\thumbcache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TokenBrokerCookies.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmCoreProvisioning.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TpmTasks.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.pcshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzautoupdate.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uDWM.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAnimation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIRibbon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ulead Photo Explorer.scr:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\umpoext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Unistore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\usbmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataAccessRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataLanguageUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDataTypeHelperUtil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UserLanguagesCpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usermgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vcamp140.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\VCardParser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vds.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VEStoreEventHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vmrdvcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VPNv2CSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesLib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbiosrvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcmsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wcnwiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wc_storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\weretw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wificonnapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifinetworkmanager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifitask.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Cortana.OneCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Energy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Networking.Vpn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Perception.Stub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.StateRepository.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Storage.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.System.SystemManagement.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BioFeedback.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Cred.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.CredDialogController.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Shell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winhttp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wininetlui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winspool.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wksprt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wkssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlancfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WlanMediaManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMPDMC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpdxm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpeffects.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmpshell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WordBreakers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFolders.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersGPExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkFoldersShell.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcMon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WpcRefreshTask.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpcTok.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WPDShServiceObj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpncore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpnprv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ws2_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscinterop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsecedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_sr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WwaApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWanAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanconn.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanmm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSave.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XblGameSaveExt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XboxNetApiSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XInputUap.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xolehlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xpsrchvw.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\zipfldr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\acpi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdiox86.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bowser.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\capimg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccdcmb.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ccdcmbo.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cmimcext.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\crashdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fastfat.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvsocket.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\iorate.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ks.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\MegaSas2i.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\modem.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mskssrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nwifi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pccsmcfd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHDA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storahci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpipreg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser_lowerflt.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbser_lowerfltj.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmbkmcl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wcifs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdiWiFi.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xboxgip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dorkon\Desktop\PixelFixer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dorkon\Desktop\PixelFixer.exe:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 10:28 - 2015-07-10 10:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4072197638-780615056-3421472845-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-4072197638-780615056-3421472845-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4072197638-780615056-3421472845-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4072197638-780615056-3421472845-1001\...\StartupApproved\Run: => "NokiaSuite.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7556F88C-2991-4E55-BD54-61AC341E5152}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{8B6D6BF9-3B87-4B99-BA43-A2C697195C5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F3C4CDD4-727F-41A0-8B01-D175720C5EC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D5C755E-CAB2-480C-BC77-A970CAD70050}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{C716665A-BE6B-407E-A627-6907FD8879BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A45D50FB-8913-4632-8E46-EA732388C493}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{F5109708-6E6B-47DC-AD9C-A7D1F22528D7}] => (Allow) C:\Program Files\FormatFactory\FFModules\Package\PTInstOnline.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Dolo k systmov chyb 123.

Nzev souboru i adrese nebo jmenovka svazku je nesprvn.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 34%
Total physical RAM: 3327.55 MB
Available physical RAM: 2170.77 MB
Total Virtual: 3903.55 MB
Available Virtual: 2547.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:82.57 GB) (Free:49.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:149.87 GB) (Free:130.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: DA8AFB11)
Partition 1: (Active) - (Size=82.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=149.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================